0

I have set up an HTTP server for an embedded system to communicate with a known non-malicious remote client application.

I have had to disable keep-alive support on my server, as the remote client application always requests keep-alive but never reuses the connection. Instead, the client opens a new connection for each request and leaves the old one open indefinitely.

For example:

Client sends:

POST /my_server_path HTTP/1.1
accept: text/plain, */*; q=0.01
accept-encoding: gzip
connection: keep-alive
content-length: 4
content-type: application/x-www-form-urlencoded;charset=UTF-8
host: some_host:1234
origin: https://the_origin.com

test

My server responds with:

HTTP/1.1 200 OK
access-control-allow-headers: post-body
access-control-allow-origin: https://the_origin.com
allow: POST, OPTIONS
connection: keep-alive
content-length: 4
content-type: text/html
date: Mon, 01 Feb 2018 15:00:00 GMT
server: MyServer/1.0

test

While my HTTP server supports closing stale connections, I have started sending Connection: closed for every request to reduce the load on the system.

Is this behavior normal, am I missing something, or am I correct in assuming this is a bug with the remote client application?

Nathan Owen
  • 21
  • 7

1 Answers1

0

While not nice, the client is free to close the connection and use another one. Of course it is silly from it to request a keep-alive and then not use it, so you can target it as a bug, but it is still something that can happen. It may also be related to a proxy in the path.

See RFC 7230 and note the "MAY":

A client MAY send additional requests on a persistent connection until it sends or receives a "close" connection option or receives an HTTP/1.0 response without a "keep-alive" connection option.

This is why the server should not keep too many open keep-alive connections for a too long time. It can signal its policy to the client with the Keep-Alive header.

See the max and timeout parameter explained in https://tools.ietf.org/id/draft-thomson-hybi-http-timeout-01.html

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
  • The problem, in this case, is not that it is closing the connection and using another one. Rather, the problem is that it never closes the old one. With an idle timeout of 30 seconds, this allows for ~50 connections to be created for that one client before the server starts closing them. – Nathan Owen Feb 09 '18 at 20:29