Hi all, At the moment I believe that we don't have any mechanism on Axis2/C where a user can easily limit the number of connections made to a single service, and thereby prevent the server from being non-responsive when a large number of concurrent requests are made. Obviously this will elevate the threat of a single service being denied, and that will require WS-Security or HTTP Authentication to be prevented.
Ordinary servers have a request threshold once when exceeded a 503 status is sent. In a SOAP scenario, we should rather use a suitable exception and in a REST scenario we should be reporting a 503 status. The information on number of concurrent requests that can be handled should probably go into the services.xml as it being a service specific number. A global defualt setting can possibly be stored in the axis2.xml. Thoughts? Regards, Senaka --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
