> Insofar as any of us can predict the future, I would say the answer to this is
> definitely yes.  Among other things, the lack of a timeout creates a pretty easy
> DOS attack against a Tomcat server -- simply open enough socket connections to
> exhaust the configured pool size, and just sit there.

Note : It's not that much better with 4.0 against DOS, since the connector
will still sit idle for quite some time before closing the connection, so it
would just be marginally harder to DOS.

> Over time, we will probably want to tweak how long the timeouts actually are,
> based on the state of the interaction so far, but AFAIKT they will always be
> needed.

Yes, it will be in 4.1, since the client can actually give hints about
the keep alive duration with the Connection header. In 4.1, the timeout
value will also be dynamic depending on how many processors are idle (the
fewer there are, the shorter the timeout).

Also, the connection timeout can be set for the connector using the
connectionTimeout property. The default is 60s.

This (put in the server.xml file) would set the timeout to 30s :
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="80" minProcessors="5" maxProcessors="75"
               acceptCount="10" debug="0" connectionTimeout="30000"/>

Other useful features in the connector would be :
- Support for transfer encodings (like deflate and gzip) which should be easy
to do by layering output streams.
- Add a (configurable) mechanism to limit the number of connections any given
client can get.

I do not anticipate that 4.1 will introduce a lot of new core features (the
main one - the JNDI stuff - is already in), but will feature a number of
limited code rewrites and reorganizations to improve robustness and
performance.

Remy
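A small audit of the connectionTimeout setting discussed above, written as an added example (not code from the thread or from Tomcat). It assumes the Tomcat 4.0 HttpConnector attributes shown in the message, that a missing connectionTimeout means the stated 60s default, and that a value of 0 is treated as "no timeout" in the way java.net.Socket treats SO_TIMEOUT=0; the server.xml fragment is constructed sample input.

```python
"""Flag Tomcat Connector elements whose idle timeout lets slow or silent
clients hold processors for too long (the DOS concern raised in the thread)."""
import xml.etree.ElementTree as ET

DEFAULT_TIMEOUT_MS = 60_000   # Tomcat 4.0 default stated in the thread (60s)

# Constructed sample server.xml: one connector relies on the default, one is
# tightened to 30s as in the thread, one disables the timeout outright.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="80" minProcessors="5" maxProcessors="75"
               acceptCount="10" debug="0"/>
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               acceptCount="10" debug="0" connectionTimeout="30000"/>
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8080" maxProcessors="20" connectionTimeout="0"/>
  </Service>
</Server>"""


def effective_timeout_ms(connector):
    """Idle timeout the connector will actually use, applying the 60s default.
    Assumption: 0 means wait forever (java.net.Socket SO_TIMEOUT semantics)."""
    raw = connector.get("connectionTimeout")
    return DEFAULT_TIMEOUT_MS if raw is None else int(raw)


def audit_connectors(xml_text, max_timeout_ms=30_000):
    """Return (port, timeout_ms, maxProcessors, finding) per Connector.
    max_timeout_ms is the local policy ceiling, here the thread's 30s."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = int(conn.get("port", "0"))
        timeout = effective_timeout_ms(conn)
        max_proc = int(conn.get("maxProcessors", "0"))
        if timeout <= 0:
            finding = "no idle timeout: idle clients hold processors indefinitely"
        elif timeout > max_timeout_ms:
            finding = f"idle timeout {timeout} ms exceeds policy {max_timeout_ms} ms"
        else:
            finding = "ok"
        findings.append((port, timeout, max_proc, finding))
    return findings


if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_SERVER_XML):
        print("port %d timeout %d ms (maxProcessors %d): %s" % row)
```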

