Blocking Request - blocking

What does a server connection with a blocking request mean?
Thank You!

It means, when you make a request to the server, you wait until you hear back from it (blocking).
The advantage of this approach is that code that expects the request to complete will be ensured that the request has completed.
The downsides are that your code is "hung" until the request completes, and there is a chance that the request might not ever complete, which results in a hung thread and/or process.
Typically blocking requests are accompanied by timeouts, so after period of time, if no response is given, the call returns with an error indicated a timeout has elapsed, and you should diligently handle that case.
Web page requests are an example of a blocking request. When you type www.google.com into your browser, your browser makes a blocking request to Google's web server, waiting to display the response. If (for some crazy reason) google doesn't respond, you'll get a timeout error.

Related

Writing tests with http request without response

I need to prepare a Java test (citrus framework) which initial step is sending a http request. Unfortunately my app under tests does not reply to this http request with anything while my testing framework expects to have a response and generates an error otherwise. The best way to deal with such a situation which came to my mind is to use some kind of a proxy between my testing framework and actual application which will forward the test request to the actual application and reply back to the testing framework with OK status not waiting for the response from app.
Does it make a sense? How could I prepare such a proxy assuming that my tests are to be running with maven invocation?
I see following options:
Fire and forget: send the Http request (using the fork mode on the send operation in Citrus) and do not care for the response at all. Just leave out the receive message action to ignore the response in Citrus.
Expect the timeout: Send the Http request and use the receive timeout action to verify that the client does not receive a response in the given time
Assert/catch the timeout exception: Use the assert or catch action in Citrus to handle the timeout exception when sending the http request
Personally I would go for the option #2 where you send the Http request and verify that there is no response for a given amount of time. This makes sure that the actual behavior of your application to not send any response does not change over time.

How to detect akka-http server request timeout?

When writing an HTTP server using akka-http’s high-level Route API, is there a way to be notified that the request timeout has expired, or to check whether it is expired, or to check how much time remains? In implementing an expensive route, I would like to stop performing work on a request if the request times out.
Akka-http’s request timeout responds to HTTP requests with status code 503 Service Unavailable: “The server was not able to produce a timely response to your request.
Please try again in a short while!” It is configured using akka.http.server.request-timeout, which is 20 s by default.

Is it possible for Apache to send a 'pause' or 'wait' response to client while running a PHP/Perl script?

When the Apache server receives a POST request, I want to immediately send back a response, stating that the client should wait and not send anything.
While at the same time client's request will be passed on to a script (either PHP or Perl). And then the script will send back a response to the client.
Is this possible? I know that it is possible for Apache to send a 4xx response header, so that the client would stop sending. But I want to run a script while the client has stopped sending and then have the client redirect to somewhere..
There are a few HTTP status codes that may be of use IF you want to be fully REST-ful and use the HTTP verbs (GET, POST, PUT, DELETE, etc) and status codes
https://www.restapitutorial.com/httpstatuscodes.html
In particular for what I am interpreting as your use case, status code 202 Accepted may be correct for your use:
The request has been accepted for processing, but the processing has
not been completed. The request might or might not eventually be acted
upon, as it might be disallowed when processing actually takes place.
There is no facility for re-sending a status code from an asynchronous
operation such as this.
The 202 response is intentionally non-committal. Its purpose is to
allow a server to accept a request for some other process (perhaps a
batch-oriented process that is only run once per day) without
requiring that the user agent's connection to the server persist until
the process is completed. The entity returned with this response
SHOULD include an indication of the request's current status and
either a pointer to a status monitor or some estimate of when the user
can expect the request to be fulfilled.

What's the correct HTTP response code to return for Denial of Service (DoS) attack?

I have some logic in the web server to find out if the user is trying to do a DoS attack. But what's the correct HTTP response code to return for that? Also what's a good error message I can put in HTTP body to tell the user politely that he's got into the DoS attack path?
But what's the correct HTTP response code to return for that?
RFC 6585 suggests 429 Too Many Requests
The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").
If the attack has compromised your ability to handle legitimate requests, then to those you might respond with 503 Service Unavailable.
Note the change in semantics - the person sending the bad requests gets a status out of the 4NN Client Error class, while those not at fault get a status from the 5NN Internal Service Error class.
what's a good error message I can put in HTTP body to tell the user politely that he's got into the DoS attack path?
Please stop that?

If a POST call is sent and user kills browser before it's complete, does it finish?

I'm unsure of the contract of a POST call connection. For example, a web page initiates a POST call and on the API side, the code begins executing. Say the code takes a couple minutes to complete, but the user closes the browser, severing the client side of the POST call.
Does this cause the API code to stop executing? If not, what happens when it tries to response to the web page, but the web page isn't there?
Once the server receives the POST it starts executing it. It doesn't matter if the client closes the browser while the server is executing the POST.
When the server finishes the process and performs the response, it will sent to the client. Again, it doesn't matter if nobody receives it, it will try to send it.
Note: You can test the process with a proxy like Fiddler. Even if you close the browser you will see the server response.