Hello
yep, on Linux! thanks very much indeed for the quick reply.
Ok, so I understand it's normal for there to be a large number
of children by default, but maybe I wasn't very good at stating
my original problem.
my clients (running IE 5 & 6) are on the same LAN as the server
running CFMX/Linux. If they go to a cold fusion page on that
server and hold down F5 for about 5-10 seconds, cold fusion dies
on the server - as in any CF page will take an infinite amount
of time load (only tested values of infinity up to hour, though)
Cfserver.log fills up rapidly with:
"
08/20 14:03:15 error Error while reading header SESSION
java.io.IOException: Broken pipe
at java.net.SocketOutputStream.socketWrite(Native Method)
at java.net.SocketOutputStream.write(SocketOutputStream.java:91)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
at
jrun.servlet.jrpp.ProxyEndpoint.getHeader(ProxyEndpoint.java:687)
at
javax.servlet.http.HttpServletRequestWrapper.getHeader(HttpServletReques
tWrapper.java:124)
at
javax.servlet.http.HttpServletRequestWrapper.getHeader(HttpServletReques
tWrapper.java:124)
at coldfusion.runtime.CgiScope.resolve(Unknown Source)
at coldfusion.runtime.CgiScope.containsName(Unknown Source)
at coldfusion.runtime.CgiScope.search(Unknown Source)
at coldfusion.runtime.NeoPageContext.searchScopes(Unknown
Source)
at coldfusion.runtime.CfJspPage._get(Unknown Source)
at coldfusion.runtime.CFPage.isDefinedCanonicalVariable(Unknown
Source)
at
cfclassic2ecfm1738071574._factor5(/usr/local/coldfusionmx/wwwroot/WEB-IN
F/debug/classic.cfm:610)
at
cfclassic2ecfm1738071574._factor6(/usr/local/coldfusionmx/wwwroot/WEB-IN
F/debug/classic.cfm:430)
at
cfclassic2ecfm1738071574._factor7(/usr/local/coldfusionmx/wwwroot/WEB-IN
F/debug/classic.cfm:640)
at
cfclassic2ecfm1738071574.runPage(/usr/local/coldfusionmx/wwwroot/WEB-INF
/debug/classic.cfm:724)
at coldfusion.runtime.CfJspPage.invoke(Unknown Source)
at coldfusion.tagext.lang.IncludeTag.doStartTag(Unknown Source)
at coldfusion.filter.CfincludeFilter.invoke(Unknown Source)
at coldfusion.filter.CfincludeFilter.include(Unknown Source)
at coldfusion.filter.BrowserDebugFilter.invoke(Unknown Source)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(Unknown
Source)
at coldfusion.filter.BrowserFilter.invoke(Unknown Source)
at coldfusion.filter.GlobalsFilter.invoke(Unknown Source)
at coldfusion.filter.DatasourceFilter.invoke(Unknown Source)
at coldfusion.CfmServlet.service(Unknown Source)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:241
)
at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:527
)
at
jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:
198)
at
jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.j
ava:348)
at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java
:451)
at
jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.jav
a:294)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
"
The borken pipe would suggest to me that IE is closing the connection
before it has finished it's request and
starts a new one at the speed of the repeat rate of the F5 key. I know
this is an unusual condition, but I
don't like the idea of the server being able to be DoSed so easily.
andrew
-----Original Message-----
From: Jesse Noller [mailto:[EMAIL PROTECTED]]
Sent: 20 August 2002 13:35
To: CF-Linux
Subject: RE: DoS attack circumvention
On linux, right?
Welcome to the wonderful world of Linux "threading" Linux does not have
threading itself, instead, it has threading "emulation". This means that
a parent and children threads display as single processes instead of
thread -> child (as on solaris).
What you are seeing is normal, it's Java starting the parent and forking
the children. This is not a DoS attack.
Jesse Noller
[EMAIL PROTECTED]
Macromedia Server Development
Unix/Linux "special guy"
> -----Original Message-----
> From: Andrew Whalley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 20, 2002 5:04 AM
> To: CF-Linux
> Subject: DoS attack circumvention
>
> Hello
>
> I've got CFMX running with apache 1.3.26 and everything seems to be
> running fine.
>
> however I notice that by default there seem to be ~40 cfusion
processes
> spawned.
> If I go to even a fairly basic cold fusion page being run from that
> server and keep
> F5 (refresh) held down, the number of processes shoots up and even
> though my
> server load is still fairly low and there is memory free, cold fusion
> hangs and does
> not serve any pages for a few seconds or sometimes ever again, if F5
is
> kept down
> for long enough.
>
> I've tried playing with the settings of "Limit simultaneous requests
to"
> and "Timeout Requests after ( seconds )" in CFAdministrator and all
the
> apache
> children settings to no avail.
>
> The server itself is beefy, 2x 933 PIII & 512 MB Ram
>
> anybody any ideas or come across this before? It's not a problem with
> the database
> server being a bottle neck, checked that - and the same CF page does
not
> experience
> the same thing under windows 2k/CF5.5.
>
> thanks very much indeed
>
> andy
>
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
