On 10.05.2016 23:00, Thomas Meyer wrote:
Hi,
I noticed that I can block tomcat 8 by opening 200 connection to the
http 1.1 connector and send 512 bytes of zero in each connection.
Tomcat 8 seems to block in parseRequestLine() method for 20 seconds
(connectionTimeout) and times out after that.
I do not know about the rest of your question.
But about the above, note that you can change this timeout (make it shorter), as indicated
here :
http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Standard_Implementation
--> connectionTimeout
In current WWW circumstances, I cannot really think of any normal scenario in wich a
legitimate client would open a connection to a webserver, and then wait more than a couple
of seconds before sending a first valid request line.
The blocking seems to happen while waiting for the http method name.
I looked up RFC 2616 and byte zero is as far as I understand not a
legal character for the http method name which are GET, PUT and so on
and extension token which is defined as token which is defined as all
characters excluding 0-31 and 127.
So why doesn't tomcat trash the connection when it detects an invalid
http method name?
Is this behaviour just a super tolerant implementation?
Bug or feature? I'm curious to know the background of this
behaviour/implementation!
With kind regards
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
