Christopher Schultz wrote:
...
Interesting... load average is a crude measure of activity; I suppose
that having those timeouts means that there is activity on a thread
even when there is no real "work" to be done. I do recommend leaving
the timeouts set to their defaults (-1 = infinite).
In general terms, I would definitely not put the connectionTimeout nor the
keepAliveTimeout to infinite, if that is what you meant here.
ConnectionTimeout infinite seems like a perfect setup for a DOS attack.
Keep-alive timeout infinite seems like the perfect way to block a lot of threads doing
nothing (and opening yourself to another kind of DOS attack).
However, in this case, we are talking about the AJP Connector, which processes requests
coming in via Apache httpd and mod_jk, so I guess that one can rely on the Apache
front-end not to relay anything nasty to Tomcat.
Presumably, the Apache httpd configuration does not have infinite connection timeout nor
keep-alive timeout.
Which in a way, raises the question of why these parameters are even available for setting
on the AJP Connector. Should these not better be left to the discretion of Apache httpd
and mod_jk in the first place ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
