"Rau NF" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi - Not sure about one thing - what if someone opens > up a 100 odd connections and sends data over the pipe > slowly ? This will definitely keep that particular > server (Tomcat 4.1.24) busy for a long time and no new > user can get in. In this case, the throttling logic in > tomcat will probably do nothing. Am I mistaken ?
If they send too slowly, the request will timeout (resulting in a fail to the client). However, Tomcat will stay active. > > Also, what is disableUploadTimeout ? I didn't find any > doc. about this. If it is set to false, how can I > configure a longer timeout for reading requests ? I'm really bad at writing docs ;-). If the 'disableUploadTimeout' attribute is set to 'false', then the Socket.setSoTimeout uses the value of the 'connectionUploadTimeout' attribute (which defaults to 5min, like Apache/httpd) to control the timeout after the initial request line has been read. > > Thanks in advance > > ------------------------------------------------ > "Rau NF" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi - Since tomcat implements a thread per connection > > model (as per the spec), would it be open to a DoS > > attack if it does not have an Apache server in front > > of it ? ie keep all threads busy servicing slow > > requests and valid users can't get in. > > On my tests, Tomcat stands up pretty well to a DoS > attack. It will become > slow if I have one machine saturate it with requests, > but they all > eventually get served. Tomcat 5 has additional logic > to throttle > connections if the load becomes high, so I'd guess > that a DoS attack against > it (with the default settings) is almost impossible > (you would need a DDoS > attack, since one machine couldn't maintain the > concurrency necessary to > shut Tomcat down). > > > > > Assuming there is no apache server in front of > tomcat > > and tomcat is serving everything, what's a > reasonable > > connection timeout value? I know this is application > > specific but it would be interesting to hear about > > this. The goal obviously is to serve as many users > as > > possible without having to create too many threads. > > I tend to use 5sec (which is 5000 in server.xml), > since most of my apps > write back very quickly. Some people prefer 15sec; > The current default for > Tomcat 4 is 1min. Like anything else, it depends on > your app. If you > typically start sending back data that includes links > to images/style-sheets > very quickly, then you want a low number. Even if > not, I prefer to set > disableUploadTimeout="false" to use the longer time to > read the request > body. > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
