-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alex,
On 10/3/18 20:25, Alex O'Ree wrote: > Thanks Chris. I ended up using aggressive read timeout values on > the Web service clients by adding properties to the binding > provider. Thing is, every jre version and soap attacks use > different versions which made this much harder to track down. SOAP attacks? FWIW, all clients should always be specifying sane timeout values. Most programmers are lazy, though, and leave them to the default (which is almost always "infinite"). - -chris > On Tue, Oct 2, 2018, 1:44 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Alex, > > On 9/29/18 08:31, Alex O'Ree wrote: >>>> Does tomcat detect or mitigate against half open tcp >>>> connections? > > Not directly. Basically, that's the OS's job. > >>>> I recently ran into an issue where something in between a >>>> java jaxws client and a jaxws service running in tomcat is >>>> interfering with the tcp stream. Resolving this client side >>>> has been a challenge due the transmitting thread hanging >>>> forever waiting to read from the remote server and not being >>>> able to be interrupted or aborted. While troubleshooting >>>> this, it dawned on me that services running in tomcat may run >>>> into a similar problem and was wondering if tomcat has any >>>> safe guards for this scenario. If it does, what is the >>>> strategy used? I'm thinking maybe I can something similar >>>> client side. > > In these cases, the only option the server has is to close the > connection and then let the TCP stack purge the connection after > some time in the penalty box (FIN_WAIT, FIN_WAIT2, or TIME_WAIT). > > If you see these kinds of connections piling-up, you may want to > tweak the options of your TCP stack to have them cleared-out more > quickly. > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlu2Rm0ACgkQHPApP6U8 pFirFxAAwDR7FwEYsLMM8iTy5Kl9dmguVDpJPkXKvw8ar3Djrk7/K1SPVodv7AWV 2+UqnZvFmDQ9LB9LRKuZc1fqeZsrxltVnJcjSRyIpJQAyWF9D3chNY6h5OYDCi9k zuoN6naTcGNzmCTLDhoCNsAOO/u4PP24tBXLWqsXGtViuTHXA3DxjHo26PLfcZPT WrhXyfG8o0eOWZ0vfsCbHzjOeyoVspJl5WIqtT4rszAoZnlUmYsSmjQrmZIJsc0l TRqHDEZImAbORKiMAt5eTHTnoYN8B6Onp7zhDverCD8vCJS+RabxpXxI/0FH8Y10 BNKxaNltFfTaqBhWcbcWnO6aKKauLonECjINOEd1Ad0eac0YrkKKBnIIJ6+CTzgh k1fVF8eev5s1mGydEaI7zUrvXh4iU6kH6E75GIZF1Mk2xbXZRIEXjcQNF4XvxjPz paQh229ozs0Ul8iyNzRhvr/fuPiVmxrKzXLhEZWDiVcZ946G34a5hfkDv6jSevMr CnElgmlZ1VwxCzhyiM6EJuoO+pTgj0dOg569xPEhhMtrXyhVtLFFa08IbQFTxLv7 BYgoQeD8KA8Yxgn0orBBcvP34DAPAw3YZl6FxZ9pxL8X6h+h4fHhqYeHtpMUAqEp flwUmO8EW/xgHJF58dihGN0sY2lJD8p5XFsWC30i2LJNE+wd2lU= =K14S -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
