You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: documentation/jetty/modules/code/examples/src/main/java/org/eclipse/jetty/docs/programming/server/http/HTTPServerDocs.java
Copy file name to clipboardexpand all lines: documentation/jetty/modules/operations-guide/pages/modules/standard.adoc
+33
Original file line number
Diff line number
Diff line change
@@ -343,6 +343,17 @@ However, we the RMI server is configured to bind to `localhost`, i.e. `127.0.0.1
343
343
344
344
If the system property `java.rmi.server.hostname` is not specified, the RMI client will try to connect to `127.0.1.1` (because that's what in the RMI stub) and fail because nothing is listening on that address.
345
345
346
+
[[qos]]
347
+
== Module `qos`
348
+
349
+
The `qos` module installs the `QoSHandler` at the root of the `Handler` tree; the `QoSHandler` applies limits to the number of concurrent requests, as explained in xref:programming-guide:server/http.adoc#handler-use-qos[this section].
The `size-limit` module installs the `SizeLimitHandler` at the root of the `Handler` tree; the `SizeLimitHandler` applies limits to the request content and the response content, as explained in xref:programming-guide:server/http.adoc#handler-use-size-limit[this section].
Note how properties `jetty.sslContext.keyStorePath` and `jetty.sslContext.keyStorePassword` are configured, only if not already set (via the `?=` operator), directly in the module file, rather than in a `+*.ini+` file.
718
740
This is done to avoid that these properties accidentally overwrite a real KeyStore configuration.
719
741
742
+
[[thread-limit]]
743
+
== Module `thread-limit`
744
+
745
+
The `thread-limit` module installs the `ThreadLimitHandler` at the root of the `Handler` tree; the `ThreadLimitHandler` applies limits to the number of concurrent threads per remote IP address, as explained in xref:programming-guide:server/http.adoc#handler-use-thread-limit[this section].
If the resource is not found, `ResourceHandler` will not return `true` from the `handle(\...)` method, so what happens next depends on the `Handler` tree structure.
815
815
See also <<handler-use-default,how to use>> `DefaultHandler`.
816
816
817
+
[[handler-use-conditional]]
818
+
==== ConditionalHandler
819
+
820
+
`ConditionalHandler` is an abstract `Handler` that matches conditions about the request, and allows subclasses to handle the request differently depending on whether the conditions have been met or not.
821
+
822
+
You may subclass `ConditionalHandler.Abstract` and override these methods:
823
+
824
+
* `boolean onConditionsMet(Request, Response, Callback)`, to handle the request when the conditions are met.
825
+
* `boolean onConditionsNotMet(Request, Response, Callback)`, to handle the request when the conditions are not met.
826
+
827
+
Alternatively, you can use the following `ConditionalHandler` subclasses that implement common behaviors:
828
+
829
+
* `ConditionalHandler.ElseNext`:
830
+
** When conditions are met, you have to write the implementation.
831
+
** When conditions are not met, the handling of the request is forwarded to the next `Handler`.
832
+
* `ConditionalHandler.Reject`:
833
+
** When conditions are met, a response is written with a configurable, non-2xx, HTTP status code.
834
+
** When conditions are not met, the handling of the request is forwarded to the next `Handler`.
835
+
* `ConditionalHandler.SkipNext`:
836
+
** When conditions are met, the handling of the request is forwarded to the next-next `Handler`, skipping the next `Handler`.
837
+
** When conditions are not met, the handling of the request is forwarded to the next `Handler`.
838
+
* `ConditionalHandler.DontHandle`:
839
+
** When conditions are met, the request is not handled.
840
+
** When conditions are not met, the handling of the request is forwarded to the next `Handler`.
841
+
842
+
Conditions can be specified using an include/exclude mechanism, where a condition match if it is not excluded, and either it is included or the include set is empty.
843
+
844
+
For example, you can specify to match only the specific HTTP request method `DELETE` by adding it to the include set; or you can specify to match all HTTP request methods apart `TRACE` by adding it to the exclude set.
845
+
846
+
`ConditionalHandler` allows you to specify conditions for the following request properties:
847
+
848
+
* The request HTTP method.
849
+
* The request link:{javadoc-url}/org/eclipse/jetty/server/Request.html#getPathInContext(org.eclipse.jetty.server.Request)[path in context], that is the request URI relative to the context path.
850
+
* The request remote address.
851
+
* Custom predicates that receive the request to match a custom condition.
852
+
853
+
Notable subclasses of `ConditionalHandler` are, for example, <<handler-use-qos,`QoSHandler`>> and <<handler-use-thread-limit,`ThreadLimitHandler`>>.
854
+
817
855
[[handler-use-gzip]]
818
856
==== GzipHandler
819
857
@@ -905,7 +943,7 @@ Server
905
943
└── ContextHandler N
906
944
----
907
945
908
-
[[handler-use-sizelimit]]
946
+
[[handler-use-size-limit]]
909
947
==== SizeLimitHandler
910
948
911
949
`SizeLimitHandler` tracks the sizes of request content and response content, and fails the request processing with an HTTP status code of https://www.rfc-editor.org/rfc/rfc9110.html#name-413-content-too-large[`413 Content Too Large`].
@@ -1038,9 +1076,13 @@ Refer to the `EventsHandler` link:{javadoc-url}/org/eclipse/jetty/server/handler
1038
1076
[[handler-use-qos]]
1039
1077
==== QoSHandler
1040
1078
1041
-
`QoSHandler` allows web applications to limit the number of concurrent requests, therefore implementing a quality of service (QoS) mechanism for end users.
1079
+
`QoSHandler` allows web applications to limit the number of _active_ concurrent requests, that is requests that are currently being handled by a thread, and therefore are not waiting asynchronously, for example reading request content or writing response content.
1080
+
1081
+
`QoSHandler` extends xref:handler-use-conditional[`ConditionalHandler`], so you may be able to restrict what `QoSHandler` does to only requests that match the conditions (for example, only to `POST` requests, or only for certain request URIs, etc.)
1042
1082
1043
1083
Web applications may need to access resources with limited capacity, for example a relational database accessed through a JDBC connection pool.
1084
+
Limiting the number of active concurrent requests helps to control the load on the server, so that it does not become overloaded and possibly unresponsive.
1085
+
In turn, this improves the quality of service (QoS) for end users of the web application, because either their request is being handled actively by the server, or it is rejected sooner (after a configurable timeout in `QoSHandler`) rather than later (after a possibly longer idle timeout).
1044
1086
1045
1087
Consider the case where each HTTP request results in a JDBC query, and the capacity of the database is of 400 queries/s.
1046
1088
Allowing more than 400 HTTP requests/s into the system, for example 500 requests/s, results in 100 requests blocking waiting for a JDBC connection _for every second_.
@@ -1049,7 +1091,7 @@ When no more threads are available, additional requests will queue up as tasks i
1049
1091
This situation affects the whole server, so one bad behaving web application may affect other well behaving web applications.
1050
1092
From the end user perspective the quality of service is terrible, because requests will take a lot of time to be served and eventually time out.
1051
1093
1052
-
In cases of load spikes, caused for example by popular events (weather or social events), usage bursts (Black Friday sales), or even denial of service attacks, it is desirable to give priority to certain requests rather than others.
1094
+
In cases of load spikes, caused for example by popular events (weather or social events), usage bursts (Black Friday sales), or even denial-of-service attacks, it is desirable to give priority to certain requests rather than others.
1053
1095
For example, in an e-commerce site requests that lead to the checkout and to the payments should have higher priorities than requests to browse the products.
1054
1096
Another example is to prioritize requests for certain users such as paying users or administrative users.
1055
1097
@@ -1236,6 +1278,20 @@ This allows web applications that use blocking API calls such as `HttpServletReq
1236
1278
For other types of request content, `EagerContentHandler` reads and retains request content bytes up to a configurable amount, and then invokes the next `Handler`, without any further processing of the request content bytes.
1237
1279
This allows web applications that use blocking API calls such as `HttpServletRequest.getInputStream()` to avoid blocking in most cases (if the request is smaller than what has been configured in `EagerContentHandler`).
1238
1280
1281
+
[[handler-use-thread-limit]]
1282
+
==== ThreadLimitHandler
1283
+
1284
+
`ThreadLimitHandler` tracks remote IP addresses and limits the number of concurrent requests (and therefore threads) for each remote IP address to protect against denial-of-service attacks.
1285
+
1286
+
`ThreadLimitHandler` extends xref:handler-use-conditional[`ConditionalHandler`], so you may be able to restrict what `ThreadLimitHandler` does to only requests that match the conditions (for example, only to `POST` requests, or only for certain request URIs, etc.)
1287
+
1288
+
The remote IP address can be derived from the network, or from the `Forwarded` (or the now obsolete `X-Forwarded-For`) HTTP header.
1289
+
The `Forwarded` header is typically present in requests that have been forwarded to Jetty by a reverse proxy such as HAProxy, Nginx, Apache, etc.
1290
+
1291
+
// TODO: mention the DoSHandler in Jetty 12.1.x.
1292
+
1293
+
Note that `ThreadLimitHandler` is different from xref:handler-use-qos[`QoSHandler`] in that it limits the number of concurrent requests per remote IP address, while `QoSHandler` limits the total number of concurrent requests.
0 commit comments