I noticed that I can block tomcat 8 by opening 200 connection to the
http 1.1 connector and send 512 bytes of zero in each connection.

Tomcat 8 seems to block in parseRequestLine() method for 20 seconds
(connectionTimeout) and times out after that.

The blocking seems to happen while waiting for the http method name.

I looked up RFC 2616 and byte zero is as far as I understand not a
legal character for the http method name which are GET, PUT and so on
and extension token which is defined as token which is defined as all
characters excluding 0-31 and 127.
So why doesn't tomcat trash the connection when it detects an invalid
http method name?

Is this behaviour just a super tolerant implementation?

Bug or feature? I'm curious to know the background of this

With kind regards

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to