Tomcat 配置 https OPTS 缓慢攻击 cacheMaxSize 指定JDK 添加服务

本文链接：https://blog.csdn.net/weixin_43906692/article/details/136715251

context.xml

<Resources cachingAllowed="true" cacheMaxSize="100000" />

catalina.sh catalina.bat

JAVA_OPTS=”-Xmx2048m -Xss2m”
CATALINA_OPTS=”-Djava.awt.headless=true”
-XX:MaxMetaspaceSize=512m -XX:MetaspaceSize=512m
MetaspaceSize
MaxMetaspaceSize
java7
export CATALINA_OPTS=”-server -Xms512m -Xmx2048m -XX:PermSize=128M -XX:MaxPermSize=2048M”

Tomcat 安全漏洞 - 缓慢的HTTP拒绝服务攻击 / 启动了OPTIONS方法 conf/server.xml

提示：把connectionTimeout的20000改成8000即可。

server.xml：

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

 <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
           secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/certificate/tomcat/lixin-edu-cn-1104165220.jks"  keystorePass="lixin@123"/>
           
           
           
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
            sslProtocol="TLS" keystoreFile="D:\apache-tomcat-8.5.59\certificate\tomcat.p12" keystorePass="123456">
</Connector>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
            sslProtocol="TLS" keystoreFile="/opt/tomcat/apache-tomcat-8.5.64/certificate/tomcat.p12" keystorePass="123456">
</Connector>

指定JDK setclasspath.sh setclasspath.bat

set JAVA_HOME=I:\JavaHome\Java\jdk1.7.0_15
set JRE_HOME=I:\JavaHome\Java\jdk1.7.0_15\jre

JAVA_HOME=I:\JavaHome\Java\jdk1.7.0_15
JRE_HOME=I:\JavaHome\Java\jdk1.7.0_15\jre
export JAVA_HOME=/opt/jdk/jdk1.7.0_80
export JRE_HOME=/opt/jdk/jdk1.7.0_80/jre