httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1032697 - /httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml
Date Mon, 08 Nov 2010 20:43:30 GMT
Author: sf
Date: Mon Nov  8 20:43:29 2010
New Revision: 1032697

URL: http://svn.apache.org/viewvc?rev=1032697&view=rev
Log:
Note that CRL-querying browsers can have problems with low header timeouts.
Add another expamle config

Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml?rev=1032697&r1=1032696&r2=1032697&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_reqtimeout.xml Mon Nov  8 20:43:29 2010
@@ -65,6 +65,16 @@
         </example>
       </li>
 
+      <li>
+        Usually, a server should have both header and body timeouts configured.
+        If a common configuration is used for http and https virtual hosts, the
+        timeouts should not be set too low:
+
+        <example>
+          RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+        </example>
+      </li>
+
     </ol>
 </section>
 
@@ -87,8 +97,13 @@
     is sent.</p>
 
     <p>For SSL virtual hosts, the header timeout values include the time needed
-    to do the initial SSL handshake. The body timeout values include the time
-    needed for SSL renegotiation (if necessary).</p>
+    to do the initial SSL handshake.  If the user's browser is configured to
+    query certificate revocation lists and the CRL server is not reachable, the
+    initial SSL handshake may take a significant time until the browser gives up
+    waiting for the CRL.  Therefore the header timeout values should not be set
+    to very low values for SSL virtual hosts.
+    The body timeout values include the time needed for SSL renegotiation
+    (if necessary).</p>
 
     <p>When an <directive module="core">AcceptFilter</directive> is in
use
     (usually the case on Linux and FreeBSD), the socket is not sent to the



Mime
View raw message