Freeze Break Request: Proxy RequestTimeout

Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> · Wed, 14 Oct 2015 18:37:11 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all,

Could I get +1s for the following patch?
This patch is to prevent broken (or malicious) clients from
taking up connection resources on the reverse proxies if they
don't finish sending their request within a reasonable period
of time (10 seconds for headers should be more than enough).
This has been live on proxy02 for about 8 hours now, and resulted
it a lot lower CPU usage.



commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date:   Wed Oct 14 16:35:26 2015 +0000

    Set requesttimeout on headers
    
    Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>

diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index 45140d9..b909de9 100644
- --- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -25,6 +25,7 @@
   - 00-namevirtualhost.conf
   - 01-keepalives.conf
   - 02-ticketkey.conf
+  - 03-reqtimeout.conf
   notify:
   - restart httpd
   tags:
diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf b/roles/httpd/proxy/templates/03-reqtimeout.conf
new file mode 100644
index 0000000..595595c
- --- /dev/null
+++ b/roles/httpd/proxy/templates/03-reqtimeout.conf
@@ -0,0 +1 @@
+RequestReadTimeout header=10



- -- 
With kind regards,
Patrick Uiterwijk
Fedora Infra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo
NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU
yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO
xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q
pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN
enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5
G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V
6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN
y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd
h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K
ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA
VBxy1T3ar9B9LAFR/2/w
=KuEj
-----END PGP SIGNATURE-----
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx






