Wednesday March 07, 2007 Meena Vyas
All
|
WebServer7.0
Wednesday March 07, 2007 Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0 Denial of Service (Dos) Prevention By Request Timeout in Sun Java System Web Server 7.0
Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0
Check out the new improvements we made in Sun Java System Web Server 7.0. In this blog I will talk about Denial Of Service (DoS) Prevention "Request Timeout" enhancements.
We have introduced two more timeouts in the server.xml's <http> element in addition to the existing <io-timeout>. They are <request-header-timeout> and <request-body-timeout>.
If you are a Web Server Administrator and you want to limit users to be sending all request headers in the first 10 minutes of the connection and request body in the next one hour, you can set these two parameters in server.xml like
...
<http> ...
<request-header-timeout>600</request-header-timeout>
<request-body-timeout>3600</request-body-timeout>
</http>
...
All other connections which last longer will be disconnected by the server automatically.
Posted by meena ( Mar 07 2007, 12:20:34 PM IST ) Permalink Comments [2]
