Hi, http://httpd.apache.org/docs/2.2/mod/core.html#timeout says: The TimeOut directive currently defines the amount of time Apache will wait for three things 1. The total amount of time it takes to receive a GET request ... 1. seems to be misleading, tests with "Timeout 3" does not appear very effective. For example: GET / HTTP/1.1 Host: foo <sleep 2s> X-a: b <sleep 2s> ... Such requests are not rejected after 3 seconds as expected. Are we missing in Apache a timer for the header to complete ~ HeaderTimeout 1? Kind regards - Fred -- View this message in context: http://www.nabble.com/Setting-the-Timeout-directive-to-refrain-a-DoS-attacks-tp24194473p24194473.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|