You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2011/06/28 18:43:21 UTC
Re: [users@httpd] Apache 2.2 > Timeout & RequestReadTimeout (mod_reqtimeout)
On Tue, Jun 28, 2011 at 11:42 AM, Geoff Millikan
<gm...@t1shopper.com> wrote:
> When both RequestReadTimeout and Timeout values are set, the smaller of the two takes precedence, right? For example, if Timeout 6
> and RequestReadTimeout header=10 body=30 then Apache will close the connection at 6 seconds and the RequestReadTimeout will never be
> activated, right?
>
> http://httpd.apache.org/docs/current/mod/core.html#timeout
>
> http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html
No. The Timeout refers to each individual read or write, so you can
easily take more than 10 seconds end-to-end to read the headers but
have never waited more than 5 seconds for an individual read.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2 > Timeout & RequestReadTimeout (mod_reqtimeout)
Posted by Eric Covener <co...@gmail.com>.
On Mon, Jul 25, 2011 at 2:18 PM, Geoff Millikan <gm...@t1shopper.com> wrote:
>>> When both RequestReadTimeout and Timeout values are set, the smaller
>>> of the two takes precedence, right? For example, if Timeout 6 and
>>> RequestReadTimeout header=10 body=30 then Apache will close the connection
>>> at 6 seconds and the RequestReadTimeout will never be activated, right?
>
>> No. The Timeout refers to each individual read or write, so you can
>> easily take more than 10 seconds end-to-end to read the headers but
>> have never waited more than 5 seconds for an individual read.
>
> How could it easily take more than 10 seconds end-to-end to read the headers? For example let's assume we have request headers of
> 4000 bytes (which is bigger than average) and a dial up connection of 56 kbps. The headers should transfer in 0.57 seconds (not
> accounting for slow start and other TCP/IP oddities). Assuming a 300% error margin for the end-to-end to read, we're still only at
> 1.71 seconds
You didn't restrict the question to non-malicious (or otherwise
exceptional) clients. I was describing how a request can pass the
Timeout check easily (sending a byte every few seconds) but still get
easily caught within the RequestReadTimeout -- the Timeout does not
take precedence.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Apache 2.2 > Timeout & RequestReadTimeout (mod_reqtimeout)
Posted by Geoff Millikan <gm...@t1shopper.com>.
>> When both RequestReadTimeout and Timeout values are set, the smaller
>> of the two takes precedence, right? For example, if Timeout 6 and
>> RequestReadTimeout header=10 body=30 then Apache will close the connection
>> at 6 seconds and the RequestReadTimeout will never be activated, right?
> No. The Timeout refers to each individual read or write, so you can
> easily take more than 10 seconds end-to-end to read the headers but
> have never waited more than 5 seconds for an individual read.
How could it easily take more than 10 seconds end-to-end to read the headers? For example let's assume we have request headers of
4000 bytes (which is bigger than average) and a dial up connection of 56 kbps. The headers should transfer in 0.57 seconds (not
accounting for slow start and other TCP/IP oddities). Assuming a 300% error margin for the end-to-end to read, we're still only at
1.71 seconds.
So it seems like setting "RequestReadTimeout header=10" should be plenty high but obviously it's not because at 10 seconds we get
many false hits but we don't understand why.
What am I missing?
Thanks,
Geoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org