1

It seems that TidHTTPServer has a connection leak when connections fail. I have code in the OnException Event to count the current connections:

  function TMain.GetCurrentConnectionCount(AWebService: TIdHTTPServer): Integer;
    begin
      with AWebService.Contexts.LockList do
        try
          Result:=Count;
        finally
          AWebService.Contexts.UnlockList;
        end;
    end;

procedure TMain.WebServiceException(AContext: TIdContext; AException: Exception);
    begin
      LogWrite('"'+AException.Message+'" in Serversocket in Connection with '+AContext.Binding.PeerIP+':'+IntToStr(AContext.Binding.PeerPort)+'! Current Connectioncount: '+IntToStr(GetCurrentConnectionCount(WebService)), Detailed, TRUE, 'SSL');
      try
        AContext.Connection.Disconnect;
        LogWrite('Connection terminated! Current Connectioncount: '+IntToStr(GetCurrentConnectionCount(WebService)), Detailed, TRUE, 'SSL');
        if GetCurrentConnectionCount(WebService)>WebService.MaxConnections-2 then begin
          LogWrite('Too many open connections, forcing restart!',Verbose,TRUE,'SSL');
          RestartApp;
        end;
      except
        on E: Exception do
          LogWrite('"'+E.Message+'" while terminating Connection! Current Connectioncount: '+IntToStr(GetCurrentConnectionCount(WebService)), Detailed, TRUE, 'SSL');
      end;
    end;

procedure TMain.WebServiceConnect(AContext: TIdContext);
    var
      Allowedlist, Blockedlist: Boolean;
      Port, IP:string;
    begin
      try
        IP:=AContext.Binding.PeerIP;
        Port:=IntToStr(AContext.Binding.PeerPort);
        LogWrite('New Connection from "'+IP+':'+Port+'"! Current Connectioncount: '+IntToStr(GetCurrentConnectionCount(WebService)), Debug, TRUE, 'SSL');
        FFilterListLock.BeginRead;
        try
          Allowedlist:=Allowlist.IndexOf(IP)>-1;
          Blockedlist:=Blocklist.IndexOf(IP)>-1;
        finally
          FFilterListLock.EndRead;
        end;
        if not Allowedlist then begin
          if Blockedlist then begin
            LogWrite('Blocking IP "'+IP+':'+Port+'"!', Detailed, TRUE, 'SSL');
            LogRequest(IP, '*BLOCKED*');
            AContext.Connection.Disconnect;
            SysUtils.Abort; 
          end;
        end else begin
          LogWrite('IP "'+IP+':'+Port+'" is whitelisted!', Detailed, TRUE, 'SSL');
        end;
      except
        on E: Exception do begin
          if not(E is EAbort)then
            LogWrite('"'+E.Message+'" while connection-check on blocklist', Detailed, TRUE, 'SSL')
          else
            raise;
        end;
      end;
    end;

When I receive exception "Error accepting connection with SSL. EOF was observed that violates the protocol" the connection count does not decrease! I tried AContext.Connection.Disconnect; but that didn't help.

Any ideas?

Update1: Added Code for OnException and OnConnect

Wolfgang Bures
  • 509
  • 4
  • 12
  • There is no known connection leak in Indy. But without seeing a [mcve] of your code, there is no way to know if maybe your own code is blocking Indy from cleaning up properly. In any case, the `OnException` event is fired before the failed connection is closed and its owning thread has been terminated. You did not show where `GetCurrentConnectionCount()` is being called from. – Remy Lebeau Jul 01 '21 at 20:49
  • code updated... – Wolfgang Bures Jul 04 '21 at 11:50
  • You are calling `GetCurrentConnectionCount()` inside of the `OnException` handler (multiple times, why?). The failed `TIdContext` thread is still running at that point, so it will still be in the server's `Contexts` list. The `OnDisconnect` event will fire after the `OnException` event, and then the `TIdContext` will be removed from the list after the `OnDisconnect` event. Your code is not taking that into account. – Remy Lebeau Jul 04 '21 at 18:15
  • I was expecting this, but over time the number of Connections i count still rises. After a day or so I am at 15! And this always seems to happen at the specified exception error message – Wolfgang Bures Jul 04 '21 at 20:12
  • I am not in a position to debug this right now, you will have to debug it yourself. But I can tell you that this server code has been heavily tested in the past, so I have to suspect the problem is more likely to be in your code rather than Indy's code, like if your code is causing deadlocks that block the `TIdContext` threads from fully terminating. For instance, what does `LogWrite()` look like? Is it thread-safe? – Remy Lebeau Jul 04 '21 at 22:51

0 Answers0