By mv on Mar 07, 2007
Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0
Check out the new improvements we made in Sun Java System Web Server 7.0. In this blog I will talk about Denial Of Service (DoS) Prevention "Request Timeout" enhancements.
We have introduced two more timeouts in the server.xml's <http> element in addition to the existing <io-timeout>. They are <request-header-timeout> and <request-body-timeout>.
If you are a Web Server Administrator and you want to limit users to be sending all request headers in the first 10 minutes of the connection and request body in the next one hour, you can set these two parameters in server.xml like
All other connections which last longer will be disconnected by the server automatically.
Other blogs on this topic are :
Web Server 7.0 Request Limiting http://blogs.oracle.com/jyrivirkki/entry/web_server_7_0_request
More on Request Limiting http://blogs.oracle.com/jyrivirkki/entry/more_on_request_limiting
- Web Server 7.0 Concurrency Limiting http://blogs.oracle.com/jyrivirkki/entry/web_server_7_0_concurrency