Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.0.0.Beta1, 1.4.10.Final
Affects Version/s: None
Component/s: None
Labels:
None

If you send MCMP message to the undertow balancer with

 Connection header set to Keep-Alive(Default)

Balancer is keeping this connection open(default 60s) as he responds with

Connection: Keep-Alive

Note that apache httpd balancer is answering to such messages with

Connection: Close

One can theoretically DDoS balancer with workers.

Httpd

[root@localhost backup]# curl -X CONFIG --data "JVMRoute="a"&Host=127.0.0.1&Maxattempts=1000&Port=8747&Type=http&ping=10000" 127.0.0.1:8747 -v
* About to connect() to 127.0.0.1 port 8747 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8747 (#0)
> CONFIG / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:8747
> Accept: */*
> Content-Length: 73
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< Date: Wed, 04 Jan 2017 13:29:28 GMT
< Server: Apache/2.4.23 (Red Hat)
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: httpd/unix-directory
< 
* Closing connection 0

Undertow

[root@localhost backup]# curl -X CONFIG --data "JVMRoute="a"&Host=127.0.0.1&Maxattempts=1000&Port=8484&Type=http&ping=10000" 127.0.0.1:8484 -v
* About to connect() to 127.0.0.1 port 8484 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8484 (#0)
> CONFIG / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:8484
> Accept: */*
> Content-Length: 73
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< Connection: keep-alive
< X-Powered-By: Undertow/1
< Server: JBoss-EAP/7
< Content-Type: text/plain; charset=ISO-8859-1
< Content-Length: 0
< Date: Wed, 04 Jan 2017 13:25:02 GMT
< 
* Connection #0 to host 127.0.0.1 left intact

[root@localhost backup]# curl -X CONFIG --header "Connection: close" --data "JVMRoute="a"&Host=127.0.0.1&Maxattempts=1000&Port=8484&Type=http&ping=10000" 127.0.0.1:8484 -v
* About to connect() to 127.0.0.1 port 8484 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8484 (#0)
> CONFIG / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:8484
> Accept: */*
> Connection: close
> Content-Length: 73
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< Connection: close
< X-Powered-By: Undertow/1
< Server: JBoss-EAP/7
< Content-Type: text/plain; charset=ISO-8859-1
< Content-Length: 0
< Date: Wed, 04 Jan 2017 13:35:39 GMT
< 
* Closing connection 0

is cloned by

JBEAP-8199 MCMP with Connection: Keep-Alive

Closed

Assignee:: Stuart Douglas (Inactive)

Reporter:: Bogdan Sikora (Inactive)

Tester:: Jan Kašík

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/01/04 8:37 AM

Updated:: 2017/08/11 7:19 AM

Resolved:: 2017/01/05 5:09 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates