Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。Apache Tomcat 7.0.x和之前版本中存在漏洞。
Slowloris是低带宽拒绝服务攻击工具。 Apache Tomcat在实现上存在安全漏洞,远程攻击者可利用Slowloris工具造成拒绝服务攻击
修改iMC\client\conf\server.xml
修改红色部分,重启jserver
<Connector URIEncoding="UTF-8"
acceptCount="100" compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain,application/javascript,application/xml"
compression="on" compressionMinSize="2048"
connectionTimeout="10000"
disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxPostSize="5242880"
maxSpareThreads="75" maxThreads="300"
minSpareThreads="25" noCompressionUserAgents="gozilla,
traviata" port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
redirectPort="8443" server="Server" useURIValidationHack="false"/>
<!--
HTTPS Connector -->
<Connector
SSLEnabled="true" URIEncoding="UTF-8"
acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
clientAuth="false"
compressableMimeType="text/html,text/xml,text/xhtml,text/css,text/javascript,text/plain,application/javascript,application/xml"
compression="on" compressionMinSize="2048"
connectionTimeout="10000"
disableUploadTimeout="true" enableLookups="false"
keystoreFile="security/newks" keystorePass="iMCV500R001"
maxHttpHeaderSize="8192" maxPostSize="5242880"
maxSpareThreads="75" maxThreads="300"
minSpareThreads="25" noCompressionUserAgents="gozilla,
traviata" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" server="Server"
sslProtocol="TLSv1.2"/>
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作