Re: service() failed with http error 413 - error log message from isapi_redirect.log file
On 17.07.2012 06:15, ann ramos wrote: Thanks Tim for your quick reply. I have already increased the max_packet_size to the maximum allowable value way way before and it still comes up: worker.wlb.max_packet_size=65536 You need to increase the size on the Tomcat side to. Just the Request Entity Too Large error is the one that I want to concentrate on at the moment. Can you try using http instead of https? This way we could decide whether it is more likely a problem of forwarding SSL info in the AJP header packet (the 8K resp. 64K thing) or whether some huge header or similar is actually coming from your client. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
can I disable tomat 7 web-socket?
By disable tomcat comet, I dont want tomcat create thread for web-socket, how do I do that? Best Regards, Abduxkur.Ablimit
Re: service() failed with http error 413 - error log message from isapi_redirect.log file
Yes, I have also increased the one in the server.xml of te tomcat instance. Haven't tried using it as an http just to see if its going to make a difference. I'm going to ask the users. Thanks. On 17/07/2012, at 4:59 PM, Rainer Jung rainer.j...@kippdata.de wrote: On 17.07.2012 06:15, ann ramos wrote: Thanks Tim for your quick reply. I have already increased the max_packet_size to the maximum allowable value way way before and it still comes up: worker.wlb.max_packet_size=65536 You need to increase the size on the Tomcat side to. Just the Request Entity Too Large error is the one that I want to concentrate on at the moment. Can you try using http instead of https? This way we could decide whether it is more likely a problem of forwarding SSL info in the AJP header packet (the 8K resp. 64K thing) or whether some huge header or similar is actually coming from your client. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
websockets: how to support most browsers that are using old version of websocket protocol
While latest websocket protocol is supported in Tomcat, a lot of browsers out there are using older versions of the protocol. It may take them years to phase out. Considering this, I also need to support older protocol versions. I am not sure how to do this. One route is I install jwebsocket. I am wondering if there is an easier way to make WebSocketServlet support older protocols. thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: can I disable tomat 7 web-socket?
2012/7/17 Abduxkur Ablimit sugar...@yahoo.com: By disable tomcat comet, I dont want tomcat create thread for web-socket, how do I do that? There is no such thing as thread for web-socket. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
force embedded tomcat 7 to listen on ALL adresses
Hi all! I've embedded tomcat 7 using org.apache.catalina.startup.Tomcat class. It seems that by default it listens on localhost. I've noticed there is a method org.apache.catalina.startup.Tomcat.setHostname(String) which I can use to change this. But I can't find how I can tell tomcat to listen on ALL addresses. I know how to do this in server.xml (just omit the address attribute in connector), but as new embedded tomcat does not use config file I'm not sure how to achieve this. Can anyone help me?
Re: can I disable tomat 7 web-socket?
Maybe I am wrong, I saw that tomcat 7.0.28 (didnt notice other version) create Threads like in the picture, I thought that tomcat created thread named http-apr-80-cometPoller-1. if these threads are not created for web-socket ,then what is it for? I am confused. From: Konstantin Kolinko knst.koli...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, July 17, 2012 5:52 PM Subject: Re: can I disable tomat 7 web-socket? 2012/7/17 Abduxkur Ablimit sugar...@yahoo.com: By disable tomcat comet, I dont want tomcat create thread for web-socket, how do I do that? There is no such thing as thread for web-socket. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: can I disable tomat 7 web-socket?
the Image did not show .so I paste what is in that image Daemon Thread [http-apr-80-Poller-1] (Running) Daemon Thread [http-apr-80-Poller-0] (Running) Daemon Thread [http-apr-80-Poller-2] (Running) Daemon Thread [http-apr-80-Poller-4] (Running) Daemon Thread [http-apr-80-Poller-3] (Running) Daemon Thread [http-apr-80-Poller-6] (Running) Daemon Thread [http-apr-80-Poller-7] (Running) Daemon Thread [http-apr-80-Poller-5] (Running) Daemon Thread [http-apr-80-CometPoller-1] (Running) Daemon Thread [http-apr-80-CometPoller-3] (Running) Daemon Thread [http-apr-80-CometPoller-0] (Running) Daemon Thread [http-apr-80-CometPoller-2] (Running) Daemon Thread [http-apr-80-CometPoller-4] (Running) Daemon Thread [http-apr-80-CometPoller-5] (Running) Daemon Thread [http-apr-80-CometPoller-7] (Running) Daemon Thread [http-apr-80-CometPoller-6] (Running) Daemon Thread [http-apr-80-AsyncTimeout] (Running) Daemon Thread [http-apr-80-Acceptor-0] (Running) Daemon Thread [http-apr-80-Sendfile-0] (Running) Daemon Thread [ajp-apr-8009-Poller-2] (Running) Daemon Thread [ajp-apr-8009-Poller-0] (Running) Daemon Thread [ajp-apr-8009-Poller-1] (Running) Daemon Thread [ajp-apr-8009-Poller-5] (Running) Daemon Thread [ajp-apr-8009-Poller-4] (Running) Daemon Thread [ajp-apr-8009-Poller-3] (Running) Daemon Thread [ajp-apr-8009-Poller-6] (Running) Daemon Thread [ajp-apr-8009-CometPoller-5] (Running) Daemon Thread [ajp-apr-8009-CometPoller-1] (Running) Daemon Thread [ajp-apr-8009-Poller-7] (Running) Daemon Thread [ajp-apr-8009-CometPoller-0] (Running) Daemon Thread [ajp-apr-8009-CometPoller-2] (Suspended) Object.wait(long) line: not available [native method] AprEndpoint$Poller(Object).wait() line: 485 [local variables unavailable] AprEndpoint$Poller.run() line: 1213 From: Abduxkur Ablimit sugar...@yahoo.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, July 17, 2012 6:29 PM Subject: Re: can I disable tomat 7 web-socket? Maybe I am wrong, I saw that tomcat 7.0.28 (didnt notice other version) create Threads like in the picture, I thought that tomcat created thread named http-apr-80-cometPoller-1. if these threads are not created for web-socket ,then what is it for? I am confused. From: Konstantin Kolinko knst.koli...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, July 17, 2012 5:52 PM Subject: Re: can I disable tomat 7 web-socket? 2012/7/17 Abduxkur Ablimit sugar...@yahoo.com: By disable tomcat comet, I dont want tomcat create thread for web-socket, how do I do that? There is no such thing as thread for web-socket. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: force embedded tomcat 7 to listen on ALL adresses
Ok, I've figured out it DOES listen on ALL addresses no matter what hostname is, but somehow requests only succeed if they have the hostname matching with the one set by Tomcat.setHostname(...) (which is localhost by default). I'm not sure where the requests fail, but they do. 2012/7/17 Alexander Shutyaev shuty...@gmail.com Hi all! I've embedded tomcat 7 using org.apache.catalina.startup.Tomcat class. It seems that by default it listens on localhost. I've noticed there is a method org.apache.catalina.startup.Tomcat.setHostname(String) which I can use to change this. But I can't find how I can tell tomcat to listen on ALL addresses. I know how to do this in server.xml (just omit the address attribute in connector), but as new embedded tomcat does not use config file I'm not sure how to achieve this. Can anyone help me?
Re: force embedded tomcat 7 to listen on ALL adresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander, On 7/17/12 6:42 AM, Alexander Shutyaev wrote: Ok, I've figured out it DOES listen on ALL addresses no matter what hostname is, but somehow requests only succeed if they have the hostname matching with the one set by Tomcat.setHostname(...) (which is localhost by default). I'm not sure where the requests fail, but they do. What happens when the requests don't succeed? If you have a connector bound to 0.0.0.0 (or ::) then it should accept connections on any interface. If you have a Host defined that is the default, then it should respond to all requests that don't match another Host. As long as you set the hostname before calling any of the more interesting methods, then the hostname you specify should be the default. If you set no hostname, then it will default to localhost and will be *the default Host* so everything should work. Please describe in more detail what happens. Also, if you could post your entire use of the Tomcat class, that would certainly help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAFcLgACgkQ9CaO5/Lv0PCWCwCgidVx5uhVkpqk/rdSCnYeqbSl wMcAnR3fk//7SHueaNwH5SLv8U+mGDnU =C25J -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client Authentication using SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 7/16/12 10:01 AM, Jeffrey Janner wrote: Thanks Chris, I'd seen a lot of traffic on the topic over the years, so knew someone had real-world experience on the subject. I'll check out what you did a little further. Of course, thinking on my proposed plan, a really uptight security admin might not think it all that more secure that basic-auth over server-only SSL. You know the type: the guy that insists the SSLPassword value in server.xml be encrypted. Yup. SSL client certificates are great because it's basically impossible to fake them, and once they are installed, you don't have anything to remember (like a passphrase). So, you can do super-high-grade authentication one-time, then issue the SSL cert to avoid all that in the future. Plus, they can be revoked. They can, however, be trivially copied and moved elsewhere. So, you might want to couple the SSL certificate with some other kind of authentication like passphrase or even just remote IP address checking. The other nice thing is that you don't need the original issuing-certificate's key in order to verify the authenticity of the client cert: you can install the CA (and subs) certs on the server and verify the validity of the client certificate without revealing any secrets on the server (like the secret for the server's key, for instance). That allows you to keep your super-secret CA keys under lock and key but still use them for authentication purposes. The real question is whether or not it gives you anything more secure than what you already have (I dunno what you already have). The SSL connection takes care of the security of the information in-transit. The client SSL cert takes care of one factor of authentication: it's something the remote client has. Any security expert will tell you that multi-factor authentication is superior (and they'd be right) but you still have the problem of distribution of the token *plus* the authentication of the user before issuing the token. For example, if your authentication is non-existent for client-cert issuance, then the second factor for authentication into your primary system is entirely useless. Web-based authentication is difficult to do in a really good way. Sure, there are good tools (GPG, X509, etc.) and tried-and-true procedures (username/password/PIN/whatever) but when it comes down to it, allowing remote access to sensitive data is inherently risky. When it comes right down to it, even a very well-implemented system still needs to be used by humans, who will invariably find a way to poke holes in your security -- say, by putting their passwords on post-its on their monitors. Really, it's the humans that really mess up security for everyone ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAFcycACgkQ9CaO5/Lv0PAYHwCeI2V4++1mMCTRrqUpipBnswHV cyAAn0rROWS47++js5IMM7iFg0BRgZAk =zbGQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 7.0.29 Multi-threaded deployment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, On 7/16/12 9:54 AM, CRANFORD, CHRIS wrote: When upgrading from 7.0.26 to 7.0.29, MyEclipse cannot start the Tomcat instance without reaching an OutOfMemoryError exception that results from a GC overhead limit exceeded when Tomcat begins it's multi-threaded deployment process. MyEclipse is running with 1GB of maximum memory and still errors with this exception where-as reverting back to 7.0.26 and using only 512MB of memory, the instance starts without any issues with plenty of memory to spare. Have any others experienced this issue using Tomcat 7.0.29's Multi-Thread deployment in UserConfig? Is there anyway to disable this feature globally? You got your question answered in another thread (the real problem is JAR scanning and metadata cashing taking up way too much memory: using metadata-complete=true in web.xml should fix it) but I'll answer the question you asked, here, anyway. Globally, Tomcat's default is to use 1 deployment thread when starting a Host's contexts. See http://tomcat.apache.org/tomcat-7.0-doc/config/host.html, look for startStopThreads. Tomcat will only do true parallel deployment if you explicitly set startStopThreads to some other value. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAFdE8ACgkQ9CaO5/Lv0PDzrwCghqXJHBFQg+/esZ8YsmPSglFj NV4AoJNExUjs1oNtIO+XQTZCJGtknnX9 =nY3H -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Poller CometPoller general questions
In http://tomcat.apache.org/tomcat-7.0-doc/config/http.html you can read about pollerThreadCount and useComet flags for the APR implementation. You don't need Comet unless you applications specifically are using it, most likely they are not. Filip - Original Message - From: Jeffrey Janner jeffrey.jan...@polydyne.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, July 13, 2012 9:53:14 AM Subject: Poller CometPoller general questions I'm more curious here than there being a problem. Are the Poller CometPoller threads necessary for Tomcat operation? If not, how to turn them off, and do I want to turn them off. Here's my scenario: Tomcat 6.0.33 with APR on Windows Server 2008 (regular and R2). Fairly normal server.xml, with generic connector implementation, i.e., not explicitly specifying the protocol: !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Connector address=172.16.1.1 port=80 maxHttpHeaderSize=8192 maxThreads=10 enableLookups=false redirectPort=443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector address=172.16.1.1 port=443 maxHttpHeaderSize=8192 maxThreads=100 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true scheme=https secure=true SSLEnabled=true SSLCertificateFile=path to server.crt SSLCertificateKeyFile= path to server.key SSLCertificateChainFile= path to _chain.crt SSLPassword=password / Web.xml is set up to force everything to HTTPS: user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint So Tomcat starts up and creates, in my case, 32 poller threads, 8 poller and 8 cometpoller for each connector. Now, I know these just sit around waiting on AprEndpoint$Poller, basically doing nothing and really causing no harm, other than taking up some threads out of my available threadpool. I pretty sure we don’t use Comet, so I'd like to turn those off, but it's not clear in the documentation that I can, only looks like there are controls for the NIO connector. What, if anything, would the standard Poller threads be used for? Since everything gets forwarded to HTTPS, the HTTP poller threads seam exceptionally useless. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 cid:image002.png@01CC0FB7.4FF43CE0 Speed, Intelligence Savings in Sourcing __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: force embedded tomcat 7 to listen on ALL adresses
Hi Christopher, I've found a solution to my problem although I believe it's more accurate to say I guessed it :) Maybe you'll be able to explain it to me. Here is the complete code: Tomcat tomcat = new Tomcat(); tomcat.setBaseDir(baseDir); tomcat.getConnector().setPort(8080); tomcat.getServer().setParentClassLoader(getClass().getClassLoader()); tomcat.getEngine(); // (1) tomcat.init(); tomcat.getHost().addAlias(127.0.0.1); // (2) tomcat.start(); tomcat.addWebapp(, path); (1) - this seems like it should be called from somewhere within Tomcat class during initialization, but somehow it isn't called, and without this line I get a NullPointerException (2) - this is my solution to the problem I've described before; without this line my app is only served on http://localhost:8080 but if I include this line my app is available on http://localhost:8080, http://127.0.0.1:8080 and all other assigned addresses like http://192.168.1.1:8080 etc 2012/7/17 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander, On 7/17/12 6:42 AM, Alexander Shutyaev wrote: Ok, I've figured out it DOES listen on ALL addresses no matter what hostname is, but somehow requests only succeed if they have the hostname matching with the one set by Tomcat.setHostname(...) (which is localhost by default). I'm not sure where the requests fail, but they do. What happens when the requests don't succeed? If you have a connector bound to 0.0.0.0 (or ::) then it should accept connections on any interface. If you have a Host defined that is the default, then it should respond to all requests that don't match another Host. As long as you set the hostname before calling any of the more interesting methods, then the hostname you specify should be the default. If you set no hostname, then it will default to localhost and will be *the default Host* so everything should work. Please describe in more detail what happens. Also, if you could post your entire use of the Tomcat class, that would certainly help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAFcLgACgkQ9CaO5/Lv0PCWCwCgidVx5uhVkpqk/rdSCnYeqbSl wMcAnR3fk//7SHueaNwH5SLv8U+mGDnU =C25J -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Embedded Tomcat 6 7 logging to file
Thanks for clarifying it. That helped. -- View this message in context: http://tomcat.10.n6.nabble.com/Embedded-Tomcat-6-7-logging-to-file-tp4984104p4984163.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Poller CometPoller general questions
I think what we are looking for is here : http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#NIO_specific_configuration useComet (bool)Whether to allow comet servlets or not. Default value is true. I set connetor attribute to false useComet to false,but did not work as I expected, still created those : Daemon Thread [http-apr-80-Poller-4] (Running) Daemon Thread [http-apr-80-CometPoller-3] (Running) Daemon Thread [http-apr-80-Poller-3] (Running) Daemon Thread [http-apr-80-Poller-5] (Running) Daemon Thread [http-apr-80-Poller-7] (Running) Daemon Thread [http-apr-80-Poller-0] (Running) Daemon Thread [http-apr-80-Poller-2] (Running) Daemon Thread [http-apr-80-CometPoller-4] (Running) Daemon Thread [http-apr-80-Poller-1] (Running) Daemon Thread [http-apr-80-CometPoller-1] (Running) Daemon Thread [http-apr-80-CometPoller-6] (Running) Daemon Thread [http-apr-80-CometPoller-5] (Running) Daemon Thread [http-apr-80-CometPoller-7] (Running) Daemon Thread [http-apr-80-CometPoller-2] (Running) Daemon Thread [http-apr-80-CometPoller-0] (Running) Daemon Thread [http-apr-80-Poller-6] (Running) Daemon Thread [http-apr-80-AsyncTimeout] (Running) Daemon Thread [http-apr-80-Acceptor-0] (Running) Daemon Thread [http-apr-80-Sendfile-0] (Running) Daemon Thread [ajp-apr-8009-Poller-0] (Running) Daemon Thread [ajp-apr-8009-Poller-1] (Running) Daemon Thread [ajp-apr-8009-Poller-6] (Running) Daemon Thread [ajp-apr-8009-Poller-2] (Running) Daemon Thread [ajp-apr-8009-Poller-7] (Running) Daemon Thread [ajp-apr-8009-Poller-5] (Running) Daemon Thread [ajp-apr-8009-Poller-3] (Running) Daemon Thread [ajp-apr-8009-CometPoller-2] (Running) Daemon Thread [ajp-apr-8009-CometPoller-5] (Running) Daemon Thread [ajp-apr-8009-Poller-4] (Running) Daemon Thread [ajp-apr-8009-CometPoller-6] (Running) Daemon Thread [ajp-apr-8009-CometPoller-4] (Running) Daemon Thread [ajp-apr-8009-CometPoller-0] (Running) Daemon Thread [ajp-apr-8009-AsyncTimeout] (Running) Daemon Thread [ajp-apr-8009-CometPoller-3] (Running) Daemon Thread [ajp-apr-8009-Acceptor-0] (Running) Daemon Thread [ajp-apr-8009-CometPoller-7] (Running) Daemon Thread [ajp-apr-8009-CometPoller-1] (Running) From: Filip Hanik Mailing Lists devli...@hanik.com To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, July 18, 2012 1:38 AM Subject: Re: Poller CometPoller general questions In http://tomcat.apache.org/tomcat-7.0-doc/config/http.html you can read about pollerThreadCount and useComet flags for the APR implementation. You don't need Comet unless you applications specifically are using it, most likely they are not. Filip - Original Message - From: Jeffrey Janner jeffrey.jan...@polydyne.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, July 13, 2012 9:53:14 AM Subject: Poller CometPoller general questions I'm more curious here than there being a problem. Are the Poller CometPoller threads necessary for Tomcat operation? If not, how to turn them off, and do I want to turn them off. Here's my scenario: Tomcat 6.0.33 with APR on Windows Server 2008 (regular and R2). Fairly normal server.xml, with generic connector implementation, i.e., not explicitly specifying the protocol: !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Connector address=172.16.1.1 port=80 maxHttpHeaderSize=8192 maxThreads=10 enableLookups=false redirectPort=443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector address=172.16.1.1 port=443 maxHttpHeaderSize=8192 maxThreads=100 enableLookups=false acceptCount=100 connectionTimeout=2 disableUploadTimeout=true scheme=https secure=true SSLEnabled=true SSLCertificateFile=path to server.crt SSLCertificateKeyFile= path to server.key SSLCertificateChainFile= path to _chain.crt SSLPassword=password / Web.xml is set up to force everything to HTTPS: user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint So Tomcat starts up and creates, in my case, 32 poller threads, 8 poller and 8 cometpoller for each connector. Now, I know these just sit around waiting on AprEndpoint$Poller, basically doing nothing and really causing no harm, other than taking up some threads out of my available threadpool. I pretty sure we don’t use Comet, so I'd like to turn those off, but it's not clear in the documentation that I can, only looks like there are controls for the NIO connector. What, if anything, would the standard Poller threads be used for? Since everything gets forwarded to HTTPS, the HTTP poller threads seam exceptionally useless. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.com PolyDyne Software Inc.