need to change requestTimeout and test it

 
manikandan jayakumar
Hi,


I want to reduce the default requestTimeout in Tomcat, is it possible?

I have changed connectionTimeout in the connector tag,

connectionTimeout="1", and am expecting that it should time out. But it's not working as I expected.
 
Tim Holloway
The first question is: "Why"?

The second question is: "What do you mean by 'request timeout'?".

The third question is: "Why do you think that a Connector has a 'connectionTimeout' property when the Tomcat docs (at least for Tomcat 6) don't define one?"

Request timeout to me means the amount of time that the client will wait for a response before giving up, and that isn't set in Tomcat, it's part of the client. These days, most client programs such as web browsers have pretty long timeout intervals.

The only case I can think of offhand where you'd routinely set a request timeout on Tomcat would actually not be on Tomcat, it would be on something like a Connection Pool where you want database requests to time out if the database doesn't respond quickly enough.
 
manikandan jayakumar
Hi Tim,

Thanks for the reply.

1. "Why" - one of our customers reported that a DoS attack is present on our application. If a request takes too long, the server waits for 10 minutes before invalidating the request (closing the connection); we need to reduce this.

2. "request timeout" - if a client takes too long (maybe due to a slow internet connection, or a hacker sending (n) slow requests to make the server unavailable for others) to make a request, we need not handle that request and need to close that connection, i.e., the time taken for the server (Tomcat) to completely read the request.
 
Tim Holloway
Ah. Thank you. Sometimes we assume a certain solution and ask questions relating to that solution when actually the underlying problem has other (and possibly simpler) solutions.

Not that I ever do that myself.

It sounds like you have something like a SYN flood attack problem in the cases of #1 and some #2 cases as well. You may want to consider dealing with them in a more general and powerful way, especially since Tomcat may not be the only target. If your server is a Linux machine, the IPTABLES firewall subsystem deals with things like that, and in fact, most of the sets of sample IPTABLES rules you'll find on the Internet (and almost all rule-generator apps) include that sort of protection as a matter of course.

Anyone who has an inbound request that ties up the listening socket for excessive lengths of time probably has system problems on their end or at least is trying to upload something obscenely large. Anyone who is opening a connection to deliberately "hang" it can generally be taken care of using something like IPTABLES.

What I really recommend is that you get a network expert to analyse your situation and see what system-wide measures you can take. Once that is done, if there are still Tomcat-specific problems, we may be able to provide some more precise remedies.
 
manikandan jayakumar
Tim,

The customer also suggested this (http://httpd.apache.org/docs/trunk/mod/mod_reqtimeout.html).

Can I integrate this (if yes, how?) or is there any other thing similar to this?
 
Tim Holloway
The equivalent in Tomcat seems to be the "connectionTimeout". I believe that its value as originally supplied is 20 seconds. If you have set it to 1 second, that's probably too short, since the interval is the amount of time that Tomcat will allow for an entire request to come in, and a slow client with a fairly large form might need a few seconds more at least.

Note that this parameter only limits single requests. If you have someone who is deliberately abusing you and it's DDOS (no single port you can firewall), one thing that an IPTABLES firewall can do is throttle the number of incoming requests per second.
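
A way to test the setting discussed in this thread, as an added example that is not part of any poster's message: the function below sends an incomplete request head once and measures how long the server keeps the stalled connection open. The loopback stand-in server (it is not Tomcat), the function names and the sample request are assumptions made for the illustration.

```python
import socket
import threading
import time

PARTIAL = b"GET / HTTP/1.1\r\nHost: localhost\r\n"  # constructed: head never ends

def start_stand_in_server(idle_timeout):
    """Hypothetical loopback stand-in (not Tomcat); returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve_one():                      # one connection, dropped when silent
        conn, _ = srv.accept()
        conn.settimeout(idle_timeout)
        buf = b""
        try:
            while b"\r\n\r\n" not in buf:
                chunk = conn.recv(1024)
                if not chunk:             # client went away first
                    break
                buf += chunk
            else:                         # complete head received
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
        except socket.timeout:
            pass                          # client stalled: stop waiting
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port

def seconds_until_closed(host, port, partial_request, give_up_after):
    """Send once, stay silent; return seconds until the server closes, else None."""
    with socket.create_connection((host, port), timeout=give_up_after) as s:
        s.sendall(partial_request)
        start = time.monotonic()
        try:
            while s.recv(1024):           # b"" means the server closed
                pass
        except socket.timeout:
            return None                   # still open after give_up_after seconds
        except ConnectionResetError:
            pass                          # an abortive close also counts
        return time.monotonic() - start

if __name__ == "__main__":
    print(seconds_until_closed("127.0.0.1", start_stand_in_server(0.5), PARTIAL, 5))
```

To check a Tomcat instance you administer, call `seconds_until_closed` with its host and port and compare the result with the Connector's `connectionTimeout`, which Tomcat expresses in milliseconds.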
 