socket.setSoTimeout(connectionTimeout)
I was pleased to see that a connection timeout has been added to Tomcat 4.0 in the HttpConnector class. A timeout was missing in Sun's JSDK through version 2.0 and in earlier versions of Tomcat.

Without a timeout, the servlet runner process accumulates dead connections on the Internet and, with the JSDK, eventually stops accepting new ones since its "max handlers" limit is reached. Dead connections happen all the time out on the Internet when clients make a connection but send in only a few HTTP GET request headers, or no headers at all, and then go away (because of modem disconnects, computer crashes, or anything else silently breaking the connection between the client and the server).

I suspect people didn't notice it because they tend to run servlets behind Apache, which does have a connection timeout:

http://httpd.apache.org/docs/mod/core.html#timeout

We run Tomcat as a standalone process, though. Will that connection timeout be a permanent feature in Tomcat starting with version 4.0?

Thanks,
John Neffenger

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]

Re: socket.setSoTimeout(connectionTimeout)
John Neffenger wrote:

> I was pleased to see that a connection timeout has been added to Tomcat 4.0 in the HttpConnector class. A timeout was missing in Sun's JSDK through version 2.0 and in earlier versions of Tomcat.
>
> Without a timeout, the servlet runner process accumulates dead connections on the Internet and, with the JSDK, eventually stops accepting new ones since its "max handlers" limit is reached. Dead connections happen all the time out on the Internet when clients make a connection but send in only a few HTTP GET request headers, or no headers at all, and then go away (because of modem disconnects, computer crashes, or anything else silently breaking the connection between the client and the server).
>
> I suspect people didn't notice it because they tend to run servlets behind Apache, which does have a connection timeout:
>
> http://httpd.apache.org/docs/mod/core.html#timeout
>
> We run Tomcat as a standalone process, though. Will that connection timeout be a permanent feature in Tomcat starting with version 4.0?

Insofar as any of us can predict the future, I would say the answer to this is definitely yes. Among other things, the lack of a timeout creates a pretty easy DOS attack against a Tomcat server -- simply open enough socket connections to exhaust the configured pool size, and just sit there.

Over time, we will probably want to tweak how long the timeouts actually are, based on the state of the interaction so far, but AFAIKT they will always be needed.

> Thanks,
> John Neffenger

Craig McClanahan

Re: socket.setSoTimeout(connectionTimeout)
> Insofar as any of us can predict the future, I would say the answer to this is definitely yes. Among other things, the lack of a timeout creates a pretty easy DOS attack against a Tomcat server -- simply open enough socket connections to exhaust the configured pool size, and just sit there.

Note: It's not that much better with 4.0 against DOS, since the connector will still sit idle for quite some time before closing the connection, so it would just be marginally harder to DOS.

> Over time, we will probably want to tweak how long the timeouts actually are, based on the state of the interaction so far, but AFAIKT they will always be needed.

Yes, it will be in 4.1, since the client can actually give hints about the keep alive duration with the Connection header. In 4.1, the timeout value will also be dynamic depending on how many processors are idle (the fewer there are, the shorter the timeout).

Also, the connection timeout can be set for the connector using the connectionTimeout property. The default is 60s. This (put in the server.xml file) would set the timeout to 30s:

    <!-- connectionTimeout is in milliseconds -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="80" minProcessors="5" maxProcessors="75"
               acceptCount="10" debug="0" connectionTimeout="30000"/>

Other useful features in the connector would be:

- Support for transfer encodings (like deflate and gzip) which should be easy to do by layering output streams.
- Add a (configurable) mechanism to limit the number of connections any given client can get.

I do not anticipate that 4.1 will introduce a lot of new core features (the main one - the JNDI stuff - is already in), but will feature a number of limited code rewrites and reorganizations to improve robustness and performance.

Remy
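
The per-socket read timeout discussed in this thread, combined with a timeout that shrinks as idle processors run out (as described for 4.1), sketched as an added example. It is not Tomcat's code and not from any poster; `TimeoutDemo`, `timeoutMs`, `readHeaders` and the scaling rule are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

// Added illustration, not Tomcat code. Class and method names are hypothetical.
public class TimeoutDemo {

    // Hypothetical scaling rule: fewer idle processors means a shorter read
    // timeout, but never below a floor.
    static int timeoutMs(int baseMs, int floorMs, int idle, int max) {
        return Math.max(floorMs, (int) ((long) baseMs * idle / max));
    }

    // Reads request header lines until the blank line. Returns false if the
    // client stalls past the socket timeout, so the caller can free the handler.
    static boolean readHeaders(Socket s, int timeoutMs) throws IOException {
        s.setSoTimeout(timeoutMs);   // bounds every blocking read() on this socket
        BufferedReader in = new BufferedReader(
                new InputStreamReader(s.getInputStream(), StandardCharsets.ISO_8859_1));
        try {
            String line;
            while ((line = in.readLine()) != null) {
                if (line.isEmpty()) return true;   // end of headers reached
            }
            return false;                          // peer closed before finishing
        } catch (SocketTimeoutException e) {
            return false;                          // dead or stalled connection
        }
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(0, 10, InetAddress.getLoopbackAddress());
             // Constructed client: sends incomplete headers, then goes silent.
             Socket client = new Socket(server.getInetAddress(), server.getLocalPort());
             Socket accepted = server.accept()) {
            client.getOutputStream().write(
                    "GET / HTTP/1.0\r\nHost: test\r\n".getBytes(StandardCharsets.US_ASCII));
            client.getOutputStream().flush();
            int t = timeoutMs(60000, 500, 1, 75);  // only 1 of 75 processors idle
            long start = System.nanoTime();
            boolean complete = readHeaders(accepted, t);
            System.out.printf("timeout=%d ms complete=%b waited=%d ms%n",
                    t, complete, (System.nanoTime() - start) / 1_000_000);
        }
    }
}
```

`setSoTimeout` bounds each blocking read, not the total time spent reading headers, so pair it with an overall per-request deadline.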