On Tue, Mar 20, 2001 at 07:03:04AM -0800, [EMAIL PROTECTED] wrote:
>
> I had a (long) weekend without computers. But I still found one and read
> the mail once - and your report is very serious and important ( and not
> easy to fix ). You have (at least ) my full attention. The read
> timeout will be checked in soon - but the general problem ( with a servlet
> hanging a thread ) is very hard to resolve (or I don't know any good
> solution ).
>
> We could stop setting an upper limit on the thread count ( we still have
> the OS upper limit ), and we could also use the (dangerous,
> deprecated) suspend/terminate on the thread that is taking too much time.
>
> Have you tried any fix ? The timeout will not resolve the "bursts" ( and
> high-loaded servers ) - unless it is very short.
>
> BTW, this is not a tomcat-specific problem ( I would guess Apache does
> have the same issue - and we need to find how they deal with that ).
Apache sets limits on the maximum (at least in 1.3.X, not sure about
2.X) number of processes which can be running at a time, this prevents
the machine from getting hosed, but doesn't prevent a DOS from a
determined attacker. I'm not sure if Apache implements any other methods
to prevent this type of DOS.
-Dave
