httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fredk2 <fre...@gmail.com>
Subject [users@httpd] Setting the Timeout directive to refrain a DoS attacks
Date Wed, 24 Jun 2009 23:09:57 GMT

Hi,

http://httpd.apache.org/docs/2.2/mod/core.html#timeout says:

The TimeOut directive currently defines the amount of time Apache will wait
for three things
1. The total amount of time it takes to receive a GET request
...

1. seems to be misleading, tests with "Timeout 3" does not appear very
effective.
For example:
GET / HTTP/1.1
Host: foo
<sleep 2s>
X-a: b
<sleep 2s>
...

Such requests are not rejected after 3 seconds as expected.
Are we missing in Apache a timer for the header to complete ~ HeaderTimeout
1?

Kind regards - Fred
-- 
View this message in context: http://www.nabble.com/Setting-the-Timeout-directive-to-refrain-a-DoS-attacks-tp24194473p24194473.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message