[richfaces-issues] [JBoss JIRA] (RF-13109) a4j:push transaction flood

nathan dennis (JIRA) jira-events at lists.jboss.org
Mon Jul 29 11:26:26 EDT 2013 

    [ https://issues.jboss.org/browse/RF-13109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12793512#comment-12793512 ] 

nathan dennis commented on RF-13109:
------------------------------------

turns out that even with the context mapping added, if you place Apache in front this happens. ie... if you map the virtual host with context .... foo.bar.net/contextname it will still DOS your server. in fact this stuff only works when you are running through 8080 straight to the appserver. 
                
> a4j:push transaction flood 
> ---------------------------
>
>                 Key: RF-13109
>                 URL: https://issues.jboss.org/browse/RF-13109
>             Project: RichFaces
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: component-a4j-core
>    Affects Versions: 4.2.2.Final, 4.2.3.Final, 4.3.1
>         Environment: CHROME,Jboss 7.1.1.Final, Jboss 7.1.3.Final, CentoOS6.X, Windows 7
>            Reporter: nathan dennis
>              Labels: a4j:push, richfaces
>         Attachments: a4jPushFlood.tar.gz
>
>
> long poll doesnt refresh at the 30 second mark. After 5 minutes, Chrome goes into meltdown, sending a transaction back to the server approx. ever 8 ms causing DOS and browser lock after about 3 seconds. 
> Firefox on the other hand returns a cancelled transaction, exits abnormally, and goes back to behaving as expected with the appearance that it is working correctly. 
> This took me forever to find out why this was happening as I couldn't replicate it with the showcase code... or the test project i built specifically for figuring this out. In the end I was removing one component at a time until it started working.
> The cause of the issue is found in the jboss-web.xml file. For years, I have ran apache in front of my jboss installations. I would specify root context to / and map the domain straight to it using a virtual host in the jboss server config file (regardless of the version). AJP in front and away you go. a4j:push will crash if this context is mapped to / instead of /foo.
> I'm going to attempt to attach the sample project to recreate this with. Map the alias from jboss-web.xml to a virtual server in your standalone.xml file and start it up. navigate to the consumer link at the top of the app. turn on your developer tools and wait for the chaos. at the five minute mark you are going to see death and destruction. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list