[GitHub] [tomcat] hojongs commented on pull request #579: Add activateDropConnection config to choose drop connection by http status code

["hojongs (via GitHub)" <gi...@apache.org>]

hojongs commented on PR #579:
URL: https://github.com/apache/tomcat/pull/579#issuecomment-1413855117

   @markt-asf 
   I get what you mean. But some people (including me) usually use the status codes with additional cases. For example, the status code 400 doesn't occur only in the badly formatted request. When requests are formatted well but the request value is incorrect, I use the status code 400 to respond to the request. (because I think the status code 400 is the most suitable in this case) and another use case: Sometimes our service can respond to clients with status code 500 during connections because of some reasons.
   
   In these cases, I don't want decreased performance by dropping connections due to responses of the status code 500 even though I need to endure the security concerns you mentioned. So I want this option to choose control over the default behavior.
   
   I think it'll be fine if users can have the opportunity to choose the behavior while the default behavior is dropping connection for the security concern you mentioned. It'll be safer for servers to drop connections as the default behavior.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org