Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail From: jmp Newsgroups: comp.lang.python Subject: Re: OT: limit number of connections from browser to my server? Date: Mon, 16 May 2016 19:26:36 +0200 Lines: 72 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Trace: news.uni-berlin.de l0WjtD/VncVQOJ7V6TuQbAWHddkPt7oOSr4vh12C7BOw== Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'socket': 0.07; 'subject:number': 0.07; 'https': 0.09; 'lead,': 0.09; 'page?': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'python': 0.10; 'assume': 0.11; 'files.': 0.13; 'file,': 0.15; 'prototype': 0.15; 'at,': 0.16; 'massively': 0.16; 'mutliple': 0.16; 'price,': 0.16; 'received:80.91.229.3': 0.16; 'received:io': 0.16; 'received:plane.gmane.org': 0.16; 'received:psf.io': 0.16; 'sense,': 0.16; 'specific,': 0.16; 'subject:limit': 0.16; 'subject:server': 0.16; 'tcp': 0.16; 'two,': 0.16; 'wrote:': 0.16; 'looked': 0.16; 'ssl': 0.18; 'solution.': 0.18; 'load': 0.20; 'library': 0.20; 'versions': 0.20; "we'd": 0.21; 'browsers': 0.22; 'trying': 0.22; 'bit': 0.23; 'seems': 0.23; 'header:In-Reply- To:1': 0.24; 'header': 0.24; 'requests': 0.25; "i've": 0.25; 'header:User-Agent:1': 0.26; "doesn't": 0.26; 'header:X -Complaints-To:1': 0.26; 'handling': 0.27; 'css': 0.27; 'said,': 0.27; 'turns': 0.27; 'idea': 0.28; 'device': 0.28; 'fine': 0.28; 'cpu': 0.29; "i'm": 0.30; 'connection': 0.30; 'work.': 0.30; 'connections': 0.30; 'seconds': 0.31; 'service,': 0.31; "can't": 0.32; 'embedded': 0.32; 'good.': 0.32; 'realize': 0.32; 'control,': 0.33; 'http': 0.33; 'open': 0.33; 'running': 0.34; 'server': 0.34; 'so,': 0.35; 'could': 0.35; '???': 0.35; 'problem.': 0.35; 'but': 0.36; 'there': 0.36; "wasn't": 0.36; 'to:addr:python-list': 0.36; 'subject:?': 0.36; 'pm,': 0.36; 'subject:: ': 0.37; 'being': 0.37; 'setting': 0.37; 'received:org': 0.37; 'seem': 0.37; 'subject:from': 0.39; 'takes': 0.39; 'to:addr:python.org': 0.40; 'some': 0.40; 'software': 0.40; 'your': 0.60; 'received:194': 0.61; 'charset:windows-1252': 0.62; 'course': 0.62; 'more': 0.63; 'our': 0.64; 'grab': 0.64; 'limit': 0.65; 'benefit': 0.66; 'life': 0.67; 'picture': 0.70; 'customers': 0.70; 'connection,': 0.72; 'upgrading': 0.72; 'connection.': 0.76; 'devices.': 0.84; 'farms': 0.84; 'edwards': 0.91; 'refuse': 0.93 X-Injected-Via-Gmane: http://gmane.org/ X-Gmane-NNTP-Posting-Host: paris.sequans.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: X-Mailman-Original-References: Xref: csiph.com comp.lang.python:108677 On 05/16/2016 06:06 PM, Grant Edwards wrote: > This is not Python specific, though I'm turning to Python to do some > experimentation and to try to prototype a solution. > > Is there any way to limit the number of connections a browser uses to > download a web page? Browser writers seems to assume that all https > servers are massively parallel server farms with hardware crypto > support. > > So, when a browser wants to load a page that has the main html file, a > css file, a javascript library or two, and a few icons and background > bitmaps, they browser opens up a half-dozen SSL connections in > parallel. > > That's fine when the server is Facebook's server farm. > > But when it's a small embedded device running at 40MHz with a > single-threaded web server and software crypto, it turns a 2-second > page load time into a 15-second page load time. > > When we first added https support years ago, this wasn't a problem. A > browser would open _an_ SSL connection (handshake time around 2 > seconds), and then send mutliple HTTP requests over that connection to > grab a half-dozen files. Each HTTP request would take a few tens of > milliseconds, and life was good. > > Now that 2-second page load takes up to 10-15 seconds because of all > the SSL connection setup overhead involved in handling a half-dozen > "parallel" connections. > > I was _hoping_ there was an HTTP header or HTML meta tag that could be > used to smack the browser with a clue bat, but there doesn't seem to > be. [Please tell me I'm wrong...] > > Some browsers used to have a global "max parallel connections" setting > that the user could control, but a) that seems to be gone from recent > versions of browsers I've looked at, and b) we can't ask customers to > change that setting just for the benefit of our devices. > > So now I'm going to set up a simple Python HTTP server to try some > other approaches: > > 1) Only allow the listening socket to accept 1 connection at a time. > > 2) Accept the TCP connection, but don't allow the SSL handshaking to > start on the "extra" connections. > > 3) ??? > > 4) Profits! > > Any ideas? > Have you considered upgrading the device with a recent CPU ? Or is it completely out of the picture ? Depending on what you are selling, it may be actually cheaper than spending time trying to make it work. You could also "externalize" the web service, a 35$ raspberry pi would do it. Of course I do realize that everything I said may not make any sense, we'd need to know a little bit more about the "device". If 35$ double the price, that may not be a good idea. That being said, your first idea seems also a good lead, have your server refuse more than one connection. jm