On 11/16/2015 05:50 PM, Rose, John B wrote: > Looking in the Security Tips document for Apache this is said … > > * The |TimeOut > <https://httpd.apache.org/docs/2.4/mod/core.html#timeout>| directive > should be lowered on sites that are subject to DoS attacks. Setting > this to as low as a few seconds may be appropriate. As |TimeOut > <https://httpd.apache.org/docs/2.4/mod/core.html#timeout>| is > currently used for several different operations, setting it to a low > value introduces problems with long running CGI scripts.' > > The default is 60 seconds, I have had a discussion where I was told > maybe 2-5 seconds is a good setting. > > What is commonly used nowadays in 2.4 on robust networks and architectures? > > thanks For guarding against slow loris and the likes, please see https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html instead. With regards, Daniel. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|