1 <IfModule reqtimeout_module>
3 # mod_reqtimeout limits the time waiting on the client to prevent an
4 # attacker from causing a denial of service by opening many connections
5 # but not sending requests. This file tries to give a sensible default
6 # configuration, but it may be necessary to tune the timeout values to
7 # the actual situation. Note that it is also possible to configure
8 # mod_reqtimeout per virtual host.
11 # Wait max 20 seconds for the first byte of the request line+headers
12 # From then, require a minimum data rate of 500 bytes/s, but don't
13 # wait longer than 40 seconds in total.
14 # Note: Lower timeouts may make sense on non-ssl virtual hosts but can
15 # cause problem with ssl enabled virtual hosts: This timeout includes
16 # the time a browser may need to fetch the CRL for the certificate. If
17 # the CRL server is not reachable, it may take more than 10 seconds
18 # until the browser gives up.
19 RequestReadTimeout header=20-40,minrate=500
21 # Wait max 10 seconds for the first byte of the request body (if any)
22 # From then, require a minimum data rate of 500 bytes/s
23 RequestReadTimeout body=10,minrate=500