Exactly, but for a public-facing web site we have no saying in whether clients use a firewall or not :( Also, doesn't this mean that someone could effectively take down the entire server by opening (MaxWorkers) requests every 5 minutes and then just not respond to / read the response at all? Wouldn't this make apache a very easy (D)-DoS target? Has anyone else experienced this issue? Is there a way to reduce the write-to-client timeout in Apache? FWIW, I think I'll look into PHP's built-in outbut buffering feature to reduce the the issue of locked PHP session files while writes time out. - Frode On Thu, Nov 23, 2006 at 11:12:52 +0100, Roman Fiedler wrote: > Hi, > > seems to be just a firewalling/networking problem. The httpd cannot > operate on the protocol stack level since it does not have the right > privileges. It could be that your client closes the socket (FIN-ACK), > but the the firewall blocks further TCP-packets from the server to your > local protocol stack (no ack sent, remote protocol state machine goes to > timeout). This could be an anti-scanning/anti-DOS setting in your > firewall to prevent that the list of already closed connections may grow > too large (close-wait state?) > > roman --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|