Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread Greg Huber
If they are serious they use multiple IP addresses.  If you are self hosting, for a DOS case there is not much you can do other than blocking the IP address(es) on the router. Usually after a couple of days they get bored and try somewhere else. It is worth having some internal filter mechanis

Compatibility Check Tomcat 10.1.x with IBM MQ 9.3.0.20

2024-06-27 Thread Chaudhary, Mohit
Hi Team, We have installed Tomcat 10.1.1 on a RHEL 8 server, so we needed to check if Tomcat 10.1.1 is compatible with IBM MQ 9.3.0.20. Thanks & Regards, Mohit Chaudhary

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread Christopher Schultz
James, On 6/27/24 11:47, James H. H. Lampert wrote: On 6/27/24 8:01 AM, Christopher Schultz wrote: "100 404s in a minute per-IP" Actually, what I was seeing, once the webapp developer pointed me in the right direction, was several dozen 404s per *second* from a single IP. Not sure if Fail2

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread Christopher Schultz
James, On 6/27/24 11:36, James H. H. Lampert wrote: On 6/27/24 8:01 AM, Christopher Schultz wrote: Why aren't you seeing the source-IP in your own logs? Because our webapp developer hadn't thought to put them into the log messages we generate. He did, however, direct us to the localhost_ac

Re: Many CLOSE_WAIT connections causing the app not available

2024-06-27 Thread Christopher Schultz
Stephen, On 6/26/24 01:18, Stephen Stevie wrote: We are using Apache Tomcat 8.5.49 and sometimes in a day, we see the application is going unresponsive though the service is up and running and giving 503 (service unavailable error). When netstat for the port is run, we see many CLOSE_WAIT connec

Re: Many CLOSE_WAIT connections causing the app not available

2024-06-27 Thread Christopher Schultz
Stephen, On 6/26/24 09:31, Chuck Caldarale wrote: On Jun 26, 2024, at 00:18, Stephen Stevie wrote: We are using Apache Tomcat 8.5.49 Stop right there. Tomcat 8.5.x reached end-of-life earlier this year and is no longer supported. The particular version you’re running is over 4.5 years old

Re: Isolating the Root Cause of "Connection Refused"

2024-06-27 Thread Christopher Schultz
Eric, On 6/26/24 01:43, Eric Robinson wrote: What is impact on memory utilization if we increase the acceptCount value? There are 100 tomcat instances on the server. And would maxThreads have to be increased to accommodate the extra connections? After reading more, I guess that's a dumb questi

Re: Isolating the Root Cause of "Connection Refused"

2024-06-27 Thread Christopher Schultz
Eric, On 6/25/24 20:10, Eric Robinson wrote: No - Tomcat passes the acceptCount value to the TCP/IP stack of the OS as part of listener socket initialization. I thought of that after I sent my previous message. the OS won't log this, since it's considered to be an application error. Assum

Re: Isolating the Root Cause of "Connection Refused"

2024-06-27 Thread Christopher Schultz
Eric, On 6/25/24 14:22, Chuck Caldarale wrote: On Jun 25, 2024, at 13:12, Eric Robinson wrote: I'm obviously not getting something. If I understand correctly, the purpose of the acceptCount param is to allow tomcat to reject connections even after the TCP stack has passed them to the java

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

2024-06-27 Thread Christopher Schultz
Gavioto, On 6/25/24 13:51, Gavioto 🕵 wrote: Finally, I got a configuration that works with Certificate Storage. It is very specific, and I couldn't find any other until date. It works, but in our environment there is a required manual step yet. I think it should be configured in Windows and is

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread James H. H. Lampert
On 6/27/24 8:01 AM, Christopher Schultz wrote: "100 404s in a minute per-IP" Actually, what I was seeing, once the webapp developer pointed me in the right direction, was several dozen 404s per *second* from a single IP. Not sure if Fail2ban would even work in this situation: like the overw

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread James H. H. Lampert
On 6/27/24 8:01 AM, Christopher Schultz wrote: Why aren't you seeing the source-IP in your own logs? Because our webapp developer hadn't thought to put them into the log messages we generate. He did, however, direct us to the localhost_access_log files (where I quite frankly hadn't thought t

Re: PKCS#8 encryption algorithm unrecognized

2024-06-27 Thread Christopher Schultz
Timothy, On 6/25/24 10:39, Timothy Resh wrote: In the SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}" we defined a Class to convert the Encrypted password and set the following properties: public class MyPropertySource implements org.apache.tomcat.util.IntrospectionUti

Re: [OT] ldap administration tool and error LDAP: error code 49 - Invalid Credentials

2024-06-27 Thread Christopher Schultz
Shekhar, On 6/25/24 01:40, Shekhar Dhotre wrote: Is there any LDAP admin tool available? I want to manage IBM and openldap with it. Trying to reset users password in IBM ldap but it fails with "[root@camttvpws002 app]# ldapsearch -x -h //102.85.9.23 -D "ldap@seth.local

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread Stephen Tenberg
Not a Tomcat issue but I can't say enough good things about Cloudflare which we use. Easy to configure WAF so the site is locked down to Cloudflare only and the rest of the world has to come through them where each keystroke is inspected. They have a number of preconfigured rules that mostly just

Re: Possible penetration attempt or DOS attack: any suggestions on what can be done?

2024-06-27 Thread Christopher Schultz
James, On 6/24/24 17:57, James H. H. Lampert wrote: On 6/24/24 12:03 PM, Tim Funk wrote: Conversely, this is a good time for the developers to review their server logging and tune it to be less verbose for these normal exceptions. As well as implementing logging frameworks and logging at the ap

Re: Errors after upgrading to Tomcat 9.0.90

2024-06-27 Thread Christopher Schultz
Rainer, On 6/21/24 07:55, Rainer Jung wrote: On 20.06.24 at 17:52, Christopher Schultz wrote: Francesco, On 6/20/24 09:03, Francesco Chicchiriccò wrote: On 2024/06/20 12:18:15 Konstantin Kolinko wrote: Thu, 20 Jun 2024 at 13:25, Francesco Chicchiriccò : Hi there, at Syncope we usually u