tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Avoiding/Handling SocketTimeoutException(s) when web application serving resources to mobile clients
Date Mon, 11 Nov 2013 15:29:00 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

André,

On 11/11/13, 5:41 AM, André Warnier wrote:
> Howard W. Smith, Jr. wrote:
>> On Sun, Nov 10, 2013 at 9:14 AM, Howard W. Smith, Jr. < 
>> smithh032772@gmail.com> wrote:
>> 
>>> Caused by: java.net.SocketTimeoutException at 
>>> org.apache.tomcat.util.net.NioBlockingSelector.write(NioBlockingSelector.java:127)
>>>
>>>
>>> 
at
>>> org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:174)
>>>
>>>
>>> 
at
>>> org.apache.coyote.http11.InternalNioOutputBuffer.writeToSocket(InternalNioOutputBuffer.java:163)
>>>
>>>
>>
>>
>>> 
my apologies, based on this exception (above), I decided to provide you
>> with the following from my tomee/conf/server.xml:
>> 
>> 
>> <Connector port="8080" 
>> protocol="org.apache.coyote.http11.Http11NioProtocol" 
>> maxThreads="150" connectionTimeout="20000" 
>> acceptorThreadCount="2" redirectPort="8443"
>> socket.directBuffer="false"/>
>> 
>> 
>> I guess the answer may be the connectionTimeout="..." (above),
>> but still would like to know recommendations of others based on
>> experience with web application serving mobile clients. thanks.
>> 
> 
> AFAIK, the "connectionTimeout" above applies specifically to this
> : - the client opens a TCP connection to the server - but then the
> client does not send any request over that connection (so the
> server waits and waits, until that timeout strikes).

More specifically, it's the timeout within which the client must send
the *request line* of the request. The whole request can take 10
minutes (e.g. huge streaming upload) for all Tomcat cares, as long as
the initial request line arrives within that 20 seconds.

> This is a classic way of doing a DoS attack : many clients connect
> and don't send a request (or do it very slowly), tying up server
> resources until the server is overwhelmed. In some Connector
> configurations, this does not necessarily tie up a Thread (only a
> TCP socket), but it does have the potential to tie up limited
> resources. The value of 20000 above is in milliseconds, so after a
> connection is established, the server will wait up to 20 seconds
> for a request to be received. I would not expect nowadays that any
> client, on any type of connection, would take that long to send a
> request on an established connection.  So I would certainly not
> make it larger, and you can probably reduce it significantly, and
> save resources.

+1

If a client doesn't send the request within about 5 seconds, I don't
think it's going to send it at all. (Probably less than 5 seconds,
honestly, but I've never bothered to collect the data on my servers to
substantiate that assertion).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSgPe8AAoJEBzwKT+lPKRYDH0QAMnXTmInl/aRqYQY8nONf16K
2Scj1Jk4r2X9fjRaGXnO9p5A3vmnrTnUEruaKBl1Jym8Y0nMFbPtSBsxXaKTfRBH
uvIZAj0jyKkuS7oaXBGAjCkRP8ZGNWyHgjB/e+EBWg7dinAl3zfe6Ims4EBIUxc5
GL3fdbyX6uMhV7snMilYXT3OJcp8vPXDGTG6apOLoepfbMxCiBdYpV0MEKO6FEu1
v5lSoN5Clk3g1d9i7utxrfV/cegsABxRDxNpo56SrjdajVkfrOOzr9Wf1Qqy+bIe
nxMcK+AT/V/SNxpHjQ07grK5lBMjqd/vA4AgKDCQGX+qgfoF+6q7lA6YAk6wP7M9
QrBEe9Vj7Q9TLNE+DhClh/BZV5WYcXjUq6q4PI+G0XJYxwYHNcEGEj/ror5+Rqdg
af7iru3koQUFXqIHCblvjESmDsxLTmuI+Bh3NEZrm/VLdM2BiLAnnJQeILIhy2Ez
YZPq1LlbQojYBGITgii72wD9eS1TR309quFT5YQXd1GsTbCUU2Z/uOxPAJ9BZDJF
6nZZLvdRh0sBptqtomzgaYMcSrVBbBanoRwWxE2Gwo2iKHkpnhkWlG1mdyLEjeNk
Rq2+HzdEOHNPLXB9i528huvQKPP1BTPlUtuWd5d3aAVIb9yHoG5oesTsidPsXoLY
scuBEQREmP7qMtaOSGq5
=tEDl
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message