Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Our Archiva installation uses a company-internal caching proxy (ISA Server) to connect to remote repositories.
When there are many remote repositories and many developers trying to look up artifacts (existing and non-existing artifacts, e.g. often -sources and -javadoc attachments), Archiva is creating many HTTP connections to the remote repositories.
This leads to a situation where the caching proxy thinks Archiva is creating too many connections. The ISA warning mail even suggests the host computer may be infected with a worm because it creates so many new connections and blocks the host completely for all outgoing HTTP requests.
The policies for the remote repositories are configured for retrieving "once", "never" or "daily", depending on whether it's releases or snapshots. Caching failures is disabled and i'm trying with enabled failure caching, but it doesn't make much difference and the problem still occurs once in a while.
I think Archiva should have a configurable way to limit the number of (new) connections made per time unit, e.g. "max 60 connections / minute" to prevent this. It's kind of a potential denial of service vulnerability.