X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=mods-available%2Freqtimeout.conf;h=615e81ede76226bb2a33ed2cb26d54e2bbca822b;hb=dc1f60078a19207875bb4f23bd5d82d727e74f78;hp=0dd49afddf30e6ece1618de0083d95bf35c482ea;hpb=054188200e8677710a0be31e9114b2ab2aa0a966;p=sysconfig%2Fapache2.git diff --git a/mods-available/reqtimeout.conf b/mods-available/reqtimeout.conf index 0dd49af..615e81e 100644 --- a/mods-available/reqtimeout.conf +++ b/mods-available/reqtimeout.conf @@ -1,12 +1,25 @@ -# Wait max 10 seconds for the first byte of the request line+headers +# mod_reqtimeout limits the time waiting on the client to prevent an +# attacker from causing a denial of service by opening many connections +# but not sending requests. This file tries to give a sensible default +# configuration, but it may be necessary to tune the timeout values to +# the actual situation. Note that it is also possible to configure +# mod_reqtimeout per virtual host. + + +# Wait max 20 seconds for the first byte of the request line+headers # From then, require a minimum data rate of 500 bytes/s, but don't -# wait longer than 20 seconds in total. -RequestReadTimeout header=10-20,minrate=500 +# wait longer than 40 seconds in total. +# Note: Lower timeouts may make sense on non-ssl virtual hosts but can +# cause problem with ssl enabled virtual hosts: This timeout includes +# the time a browser may need to fetch the CRL for the certificate. If +# the CRL server is not reachable, it may take more than 10 seconds +# until the browser gives up. +RequestReadTimeout header=20-40,minrate=500 # Wait max 10 seconds for the first byte of the request body (if any) -# From then, require a minimum data rate of 500 byte/s. +# From then, require a minimum data rate of 500 bytes/s RequestReadTimeout body=10,minrate=500