Tomcat slow HTTP denial of service attack security solution
Problem Description: HTTP requires the server to receive a request in full before processing it. If a request is never completed, or is sent at a very low transfer rate, the server keeps resources tied up while it waits for the remaining data. When too many resources are held this way, the result is a denial of service.
Workaround:
Modify the <Connector /> configuration in the Tomcat configuration file server.xml: set the connectionTimeout value (default 20000 ms) to 8000 ms.
<Connector port="8080" protocol="HTTP/1.1" maxHttpHeaderSize="8192" maxThreads="100" minSpareThreads="50" maxSpareThreads="100" minProcessors="50" maxProcessors="100" enableLookups="false" connectionTimeout="8000" acceptCount="100" redirectPort="8443" URIEncoding="UTF-8"/>
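To confirm the workaround is applied to every connector, the following added example (not part of the original page) audits a server.xml for Connector elements whose connectionTimeout is missing, unbounded, unparsable, or above the 8000 ms target. The function name, status labels and sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MAX_TIMEOUT_MS = 8000  # target value from the workaround above

# Constructed sample server.xml (not from a real deployment).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="8000" redirectPort="8443"/>
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8082" protocol="HTTP/1.1"/>
    <Connector port="8083" protocol="HTTP/1.1" connectionTimeout="-1"/>
    <Connector port="8084" protocol="HTTP/1.1" connectionTimeout="${timeout}"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml, max_ms=MAX_TIMEOUT_MS):
    """Return (port, status) for each Connector that does not meet max_ms.

    status is one of: missing, unparsable, unbounded, too_high.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        raw = conn.get("connectionTimeout")
        if raw is None:
            # Attribute absent: the default applies, which is above the target.
            findings.append((port, "missing"))
            continue
        try:
            value = int(raw)
        except ValueError:
            # e.g. a ${property} placeholder; needs a manual check.
            findings.append((port, "unparsable"))
            continue
        if value <= 0:
            # Tomcat documents -1 as "no timeout"; this check treats any
            # non-positive value as unbounded.
            findings.append((port, "unbounded"))
        elif value > max_ms:
            findings.append((port, "too_high"))
    return findings

if __name__ == "__main__":
    for port, status in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector port {port}: connectionTimeout {status}")
```

To check a real installation, pass the contents of its server.xml to audit_connectors instead of the sample string.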