What exactly does "connectionTimeout" means in Tomcat?

Question

In the docs (Tomcat 7 Config), it is written:

The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. Use a value of -1 to indicate no (i.e. infinite) timeout. The default value is 60000 (i.e. 60 seconds) but note that the standard server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds). Unless disableUploadTimeout is set to false, this timeout will also be used when reading the request body (if any).

When a client sends request to a server, it will take N milliseconds to establish a connection. If this N exceeds the connection timeout that is set on the client's end, the request will fail in the client as expected.

I'm not able to understand what Tomcat's connectionTimeout does differently. Specifically, what does "after accepting a connection, for the request URI line to be presented" means ?

Answer 1

The connectionTimeout is the limit of time after which the server will automatically close the connection with the client not the other way around. It is a way to limit the impact of a Denial Of Service Attack. Indeed a typical way to do a DOS Attack is to launch several requests on a given server, and each request will last forever making the server waits for nothing and filling up its pool of threads such that the Server won't be able to accept any new requests. Thanks to this timeout, after x milliseconds it will ignore the request considering it as a potential attack.

Here is an interesting discussion on globally the same subject that goes a little bit deeper.