httpd-users mailing list archives

From John Iliffe
Subject Re: [users@httpd] Response code 408
Date Sun, 20 May 2012 18:46:12 GMT
On Tuesday 15 May 2012 14:29:56 Jeroen Geilman wrote:
> On 05/11/2012 06:01 PM, John Iliffe wrote:
> > I recently switched from Apache-2.2.14 to Apache-2.4.2.  In the entire
> > time we ran 2.2.14 I don't recall seeing a response code 408.  Since
> > we switched two weeks ago we average about 30 - 35 a day.  Our server
> > is not heavily loaded.
> > 
> > The RFC definition of response code 408 is "Request Timeout, the
> > client did not produce a request within the time the server was
> > prepared to wait."
> > 
> > All of these 408's are arising from background (AJAX) requests in the
> > browser that are well known to be very short (16 bytes of data coded
> > as an HTTP GET).
> > 
> > Which parameter have I set too short?  Looking at the Apache docs there
> > don't seem to be any obvious choices.
> As clearly documented, one of the many new modules in 2.4 is
> mod_reqtimeout, which controls exactly this.
> It allows the server administrator to determine on a per-vhost basis how
> long the request timeout should be, and what the minimum data rate
> should be.
> This was added specifically to combat bots and slowdos attempts.
> The defaults - which you did not adjust for your site - are obviously
> not suited for your small AJAX snippets.
> Blind upgrades never go well.

Sorry for the delay; wanted to be sure I would be here if something screwed 

This was NOT a blind update; just a sysadmin with limited Apache 
experience.  My job is to maintain and operate the web servers for a small 
company, including sysop and LAN duties and web designer, so I have limited 
speciality with most of the programmes that are running on the server.

That said, I have over the years (I've been in IT since 1966 and am now 
"retired") developed a high degree of confidence in the developers of OSS 
and their ability to set reasonable defaults.  When I upgraded to Apache 
2.4 I did catch one unknown bug: won't run with PHP 5.4.x - all child 
processes segfault when called (which is probably fixed by now) and one 
questionable piece of documentation - "order allow deny" which has been 
syntactically changed but is still in the 2.4 docs the old way.

So, yes I did read the documentation and attempt to understand it.   
mod_reqtimeout and its parameters arrived with Apache 2.2.15 and are not 
documented in the 2.4 migration either, so yes, maybe I did miss something 
but it sure isn't obvious!

Thanks for the response; so far it seems to have resolved the problem.
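
Added example, not part of the original messages and not Apache's own code: a simplified Python model of how one mod_reqtimeout stage written as `header=20-40,MinRate=500` (the form used in the module's documentation) decides between serving a request and answering 408. The names `Stage`, `read_outcome` and `HEADER`, and the sample arrival patterns, are assumptions made for illustration.

```python
# Simplified model of a RequestReadTimeout stage such as
# "header=20-40,MinRate=500" (illustrative; not Apache source code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    initial: float   # seconds allowed before any data has arrived
    maximum: float   # hard cap in seconds, measured from stage start
    min_rate: float  # bytes/second: every min_rate bytes buy 1 more second


# Constructed stage matching header=20-40,MinRate=500.
HEADER = Stage(initial=20, maximum=40, min_rate=500)


def read_outcome(stage, chunks, needed):
    """Decide the fate of one request read.

    chunks: list of (arrival_time_s, nbytes), times relative to stage start.
    needed: bytes required to complete the request headers.
    Returns ("ok", t) if `needed` bytes arrive before the deadline,
    otherwise ("408", deadline_that_expired).
    """
    deadline = stage.initial
    received = 0
    for t, nbytes in sorted(chunks):
        if t > deadline:
            return ("408", deadline)      # server stopped waiting first
        received += nbytes
        if received >= needed:
            return ("ok", t)
        # Received data extends the deadline, but never past the cap.
        deadline = min(deadline + nbytes / stage.min_rate, stage.maximum)
    return ("408", deadline)              # client went silent


if __name__ == "__main__":
    cases = {                             # constructed arrival patterns
        "prompt small GET": [(0.05, 300)],
        "connection opened, nothing sent": [],
        "first bytes after 25 s": [(25, 300)],
        "10 bytes every 5 s": [(5 * i, 10) for i in range(1, 30)],
    }
    for name, chunks in cases.items():
        print(f"{name:34s} -> {read_outcome(HEADER, chunks, 300)}")
```

Comparing the access-log timestamps of the logged 408s against this model shows whether they come from connections that sent nothing at all or from requests that arrived slowly.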