-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Petr,
On 3/14/15 3:32 PM, Petr Nemecek wrote: > Hello, > > our webapp, that is deployed in Tomcat 8.0.18, was tested positive > as vulnerable to the slow http denial of service: "By using a > single computer, it is possible to establish thousands of > simultaneous connections and keep them open for a long time. During > the attack, the server was rendered unavailable." > > Any idea what to do with this? Using the NIO connector is the best you can do, here. Or, front Tomcat with a web server that has its own mitigation techniques. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVBMEoAAoJEBzwKT+lPKRYKMwP/iKY9W1YkBQ+qgdYWdcjhD55 q7T8ssN2ChzU2xkVgiHh2ISZSchoOF3KcPNOnYomRn6/KPYaiSb/PWUmJ4WL0n/i csSizG6PKV0fj3ZZk6j19QHKvdDNC7ntP6TC2XsK3bxdCG0LGMeZCKJEEihoKO5L AbgWc9n0DVlKR5s9rMgGzNwjfL9aXva5ZWUY6O0bPb4uay0CcdFrouJLOOHMqjG9 U8aVZ6Zpf7zYc8C0CYaKp6J9yRxM+RkHFszBuVuRKXB1FWQpFssLK3FugTP7+9Cp blshbfpmaw6XSLlQcIMpO4uOgdCOg/KX4Dj5nNaXyR64qa4TleHcLy4b21Usaqwb yVO0tnDlZA9qRGNsN3Djt9ABm5GIiJNsMOUsA7cjfGyaLr+NGKq8sLzXff8Nre4F TKMIAgtpUp3RhMM6dRtJ/sFpLdtggNWWA0+zYlMDp20f5N4e3qtUAq2orIK3A7lM FxcUMgajLZKlDoN4NiO26n97MWP0SzkQYj9/IkI5R2Mi9ijsZ+kSSj54pDFnV81C OEzh7Xxb+8UrPLxLPZBttu1uT7hMZUvJwHJZM/nOLOr+J+vemrbFIg9UGFS1qcIR pgWQEvANR1TFku6HhcgktQugfI4bEYzYxUsRvmX+CwlouzErIxkDq3S1qCFvMCwJ jBy234U/r7X4a+P1p8HW =v4ph -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
