Server Behavior when Authenticating Connections

The Universal Messaging server has denial-of-service (DoS) attack checks enabled by default. If the connections pending authentication within the Auth Time configured for an interface exceed the value of the MaxUnauthorisedCount property, the server rejects any upcoming connections for this host and reports "potential denial of service" errors. The host is either the remote IP address of the connecting socket or the load balancer host if a load balancer is used.

The MaxUnauthorisedCount realm configuration property specifies the maximum number of unauthorized connections per host. You configure MaxUnauthorisedCount in the Thread Pool Config group on the Config tab in the Enterprise Manager.

In addition, you can configure the server to report warning messages if a connection takes more than a specified time to authenticate. To do so, you set the AuthenticationTimeLogThreshold system property in the Server_Common.conf file in the Software AG_directory \UniversalMessaging\server\instance_name\bin directory as follows:

wrapper.java.additional.n=-DAuthenticationTimeLogThreshold=<time_in_milliseconds>

where n is a unique positive integer. The default value is 1000 milliseconds. Usually, the property should have a value of between 1000 and 30000, but you can adjust it according to the requirements of your system.