30 lines
1020 B
Plaintext
30 lines
1020 B
Plaintext
#
|
|
# Set timeout and minimum data rate for receiving requests to limit
|
|
# the effects of denial of service attacks that connect, but let the
|
|
# server wait for the completion of the request, thereby allocating
|
|
# resources. The most commonly name for this attack method is
|
|
# slowloris.
|
|
#
|
|
# mod_reqtimeout.c must be loaded.
|
|
#
|
|
# see https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
|
|
# or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en
|
|
#
|
|
# Note:
|
|
# the RequestReadTimeout directive can also be placed into a
|
|
# virtual host context.
|
|
#
|
|
# Play around with variations of the below values if you are
|
|
# under attack from slowloris or a similar tool.
|
|
|
|
<IfModule mod_reqtimeout.c>
|
|
# allow 10s timeout for the headers and allow 1s more until 20s upon
|
|
# receipt of 1000 bytes.
|
|
# almost the same with the body, except that it is tricky to
|
|
# limit the request timeout within the body at all - it may take
|
|
# time to generate the body.
|
|
RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000
|
|
</IfModule>
|
|
|
|
|