Details
The connectionTimeout setting allows Tomcat to close idle sockets after a specific amount of time to save system resources.
Rationale:
Closing idle sockets reduces system resource usage which can provide better performance and help protect against Denial of Service (Dos) attacks.
Solution
Set the connectionTimeoutfor each connector in $CATALINA_HOME/conf/server.xml to optimal number of milliseconds based on hardware resources, load, and number of concurrent connections.
connectionTimeout=’60000′
Impact:
This timeout will also apply when reading any request body when disableUploadTimeout is not set to false.
Default Value:
By default this is set to 60000 (i.e. 60 seconds) but the standard server.xml which ships with Tomcat sets this set to 20000 (i.e. 20 seconds).
References:
https://tomcat.apache.org/tomcat-8.0-doc/config/http.html
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.