1

I am using Weblogic 12c(12.1.3) application server to run my application. I have configured complete message timeout in Weblogic to 30 seconds but when Qualys scan is running on this server, it can still keep a connection open for more than 30 seconds(in my case it was open even after 300 seconds) by sending a request with very slow transfer rate.

This means the complete message timeout setting is not working on the server otherwise the connection would have terminated after waiting for max 30 seconds. Is there any other configuration or am I missing something here?

I followed the recommendations from Oracle as per below article:

https://docs.oracle.com/cd/E24329_01/web.1211/e24390/wls_tuning.htm#PERFM196

smallarv
  • 11
  • 2
  • best is to have a reverse proxy in front of it, like Apache httpd, with mod_reqtimeout which enables you to have absolute control of the timeout to send headers, body, and everything. – Daniel Ferradal Apr 12 '19 at 11:42

1 Answers1

0

Complete message timeout setting works. Post Timeout setting is also at play here. Post Timeout (in seconds) is the time for reading HTTP POST data in a servlet request. If the POST data is chunked, the amount of time the server waits between the end of receiving the last chunk of data and the end of receiving the next chunk of data in an HTTP POST before it times out.

Qualys scan is doing chunking the post request and Web Logic resets the time (30 seconds default) after a chunk is received.

Qualys scan sample result

To combat this, either reduce the Post Timeout or set it to zero. To do this; 1. Click on Environments 2. Click on Servers 3. Click on your server name 4. Click on Protocols tab 5. Click on HTTP tab

igplanet
  • 1