Wednesday March 07, 2007 Meena Vyas
All
|
DTrace Web Server 7.0
|
ACLs Web Server 7.0
|
General Web Server 7.0
|
HttpCompression Web Server 7.0
|
Intrusion Detection Web Server 7.0
|
Open Web Server
|
Reference Deployments of Web Server 7.0
|
Reverse Proxy Web Server 7.0
|
Security Web Server 7.0
|
Troubleshooting Web Server 7.0
|
WebDAV Web Server 7.0
Wednesday March 07, 2007 Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0
Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0
Check out the new improvements we made in Sun Java System Web Server 7.0. In this blog I will talk about Denial Of Service (DoS) Prevention "Request Timeout" enhancements.
We have introduced two more timeouts in the server.xml's <http> element in addition to the existing <io-timeout>. They are <request-header-timeout> and <request-body-timeout>.
If you are a Web Server Administrator and you want to limit users to be sending all request headers in the first 10 minutes of the connection and request body in the next one hour, you can set these two parameters in server.xml like
...
<http> ...
<request-header-timeout>600</request-header-timeout>
<request-body-timeout>3600</request-body-timeout>
</http>
...
All other connections which last longer will be disconnected by the server automatically.
Posted by meena ( Mar 07 2007, 12:20:34 PM IST ) Permalink Comments [2]
Trackback URL: http://blogs.sun.com/meena/entry/denial_of_service_prevention_by
Post a Comment:
This blog copyright 2009 by meena
<http> <strict-request-headers>false</strict-request-headers> <io-timeout>5</io-timeout> <request-body-timeout>300</request-body-timeout> </http>In hind-sight it's obvious that these only control timers on the incoming data. How can I control the overall length of the request including response time?Posted by DzM on March 13, 2007 at 11:16 PM IST #
Posted by DzM on March 13, 2007 at 11:33 PM IST #