Hi, I noticed that I can block tomcat 8 by opening 200 connection to the http 1.1 connector and send 512 bytes of zero in each connection.
Tomcat 8 seems to block in parseRequestLine() method for 20 seconds (connectionTimeout) and times out after that. The blocking seems to happen while waiting for the http method name. I looked up RFC 2616 and byte zero is as far as I understand not a legal character for the http method name which are GET, PUT and so on and extension token which is defined as token which is defined as all characters excluding 0-31 and 127. So why doesn't tomcat trash the connection when it detects an invalid http method name? Is this behaviour just a super tolerant implementation? Bug or feature? I'm curious to know the background of this behaviour/implementation! With kind regards Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
