The logs look inconspicuous indeed. Some more questions:

• You mentioned that the Jetty server “goes down”. What does that
mean? Does it simply block any further requests? Do you have a 100%
CPU workload?
• Which BaseX services are enabled in your web.xml? Does Jetty stall
if you disable all REST, RESTXQ, and/or WebDAV?

Best,
Christian



On Mon, Apr 3, 2023 at 4:44 PM <ykhab...@bellsouth.net> wrote:
>
> Hi Christian,
>
> IMO, it is just the number of requests.
> I attached the .log file.
>
> -----Original Message-----
> From: Christian Grün <christian.gr...@gmail.com>
> Sent: Monday, April 3, 2023 10:32 AM
> To: ykhab...@bellsouth.net
> Cc: BaseX <basex-talk@mailman.uni-konstanz.de>
> Subject: Re: [basex-talk] BaseX HTTP service goes down due to Qualys Agent
>
> Hi Yitzhak,
>
> have you checked the resulting log files in the data/.logs directory?
> Are there specific requests that take too much time, or is it the plain 
> number of incoming requests that eventually slows down the system?
>
> Best,
> Christian
>
>
> On Mon, Apr 3, 2023 at 4:29 PM <ykhab...@bellsouth.net> wrote:
> >
> > Hello,
> >
> > We are using BaseX 10.5 via its HTTP service in a corporate environment.
> >
> > We have an automated Qualys Agent that does a vulnerability scan of that 
> > server with the BaseX.
> >
> > The Qualys Agent scan process includes website-related tests such as
> > Cross-Site Scripting, SQL Injection, etc.
> >
> > The rapid nature of the Qualys Agent requests effectively gives us a DoS 
> > attack on the eclipse.jetty.server.
> >
> > It cannot process so many requests and goes down.
> >
> > In the meantime, our solution is to restart BaseX HTTP service manually via 
> > basexhttp.bat.
> >
> > Question: is it possible to somehow configure the eclipse.jetty.server so 
> > it will be able to sustain the Qualys Agent vulnerability scan?
> >
> > Regards,
> > Yitzhak Khabinsky
> >
> >
