tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harsimranjit singh Kler <>
Subject Re: HTTP connection timout
Date Fri, 12 Jul 2013 11:09:22 GMT
> The Connector's are "shared" by all Hosts and all applications.
> So the connectionTimeout is already global for all requests that come in
> on the corresponding Connector port.
> This parameter is there specifically to fight one type of
> Denial-Of-Service attack, whereby some malicious client(s) create a TCP
> connection to the server (which has the effect of reserving some resources
> on the server for handling this connection), and then just sit there
> without sending any HTTP request on that connection.
> By making this delay shorter, you shorten the time during which the server
> resources are allocated, to serve a request that will never come.
> This has to be balanced against legitimate clients which may be slow in
> sending the request line.  But 60 seconds is a really long time to wait for
> such legitimate client requests nowadays. You can probably lower that to
> 5000 (= 5 s.) without any ill effect on the legitimate clients.
> Note that as soon as the HTTP request line has been received, this timeout
> plays no role anymore. So it is not usable to limit the time that an
> application requires to process and respond to the request.  As far as I
> know, there is no standard parameter available in Tomcat to do that.  Which
> is also rather understandable, because Tomcat has no idea what kind of
> delay makes sense for any particular application with any particular
> request parameters.  Only you would know that, on a call-by-call base.
> Final note : if a browser makes a request to a HTTP server, and does not
> get any response for about 5 minutes, the browser will time out and show an
> error message like "the server is not responding" etc..
Thanks Make sense.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message