httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: [users@httpd] TimeOut
Date Mon, 16 Nov 2015 16:53:58 GMT
On 11/16/2015 05:50 PM, Rose, John B wrote:
> Looking in the Security Tips document for Apache this is said …
> 
>   * The |TimeOut
>     <https://httpd.apache.org/docs/2.4/mod/core.html#timeout>| directive
>     should be lowered on sites that are subject to DoS attacks. Setting
>     this to as low as a few seconds may be appropriate. As |TimeOut
>     <https://httpd.apache.org/docs/2.4/mod/core.html#timeout>| is
>     currently used for several different operations, setting it to a low
>     value introduces problems with long running CGI scripts.'
> 
> The default is 60 seconds, I have had a discussion where I was told
> maybe 2-5 seconds is a good setting. 
> 
> What is commonly used nowadays in 2.4 on robust networks and architectures?
> 
> thanks

For guarding against slow loris and the likes, please see
https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html instead.

With regards,
Daniel.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message