- enable mod_reqtimeout by default via APACHE_MODULES in

/etc/sysconfig/apache2, configuration 
  /etc/apache2/mod_reqtimeout.conf .
  Of course, the existing configuration remains unchanged.

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=354

apache2-mod_reqtimeout.conf

@@ -0,0 +1,29 @@
+#
+# Set timeout and minimum data rate for receiving requests to limit
+# the effects of denial of service attacks that connect, but let the
+# server wait for the completion of the request, thereby allocating
+# resources. The most commonly name for this attack method is
+# slowloris.
+#
+# mod_reqtimeout.c must be loaded.
+#
+# see https://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html
+# or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en
+#
+# Note:
+# the RequestReadTimeout directive can also be placed into a
+# virtual host context.
+#
+# Play around with variations of the below values if you are
+# under attack from slowloris or a similar tool.
+
+<IfModule mod_reqtimeout.c>
+  # allow 10s timeout for the headers and allow 1s more until 20s upon
+  # receipt of 1000 bytes.
+  # almost the same with the body, except that it is tricky to
+  # limit the request timeout within the body at all - it may take
+  # time to generate the body.
+  RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000
+</IfModule>
+
+

apache2.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Jan 21 13:54:01 CET 2012 - draht@suse.de
+
+- enable mod_reqtimeout by default via APACHE_MODULES in
+  /etc/sysconfig/apache2, configuration 
+  /etc/apache2/mod_reqtimeout.conf .
+  Of course, the existing configuration remains unchanged.
+
 -------------------------------------------------------------------
 Sat Dec 10 10:34:26 CET 2011 - meissner@suse.de
 

apache2.spec

@@ -121,6 +121,7 @@ Source110:      apache2-mod_userdir.conf
 Source111:      apache2-server-tuning.conf
 Source113:      apache2-ssl-global.conf
 Source114:      apache2-mod_usertrack.conf
+Source115:      apache2-mod_reqtimeout.conf
 Source130:      apache2-vhost.template
 Source131:      apache2-vhost-ssl.template
 Source140:      apache2-check_forensic

sysconfig.apache2

@@ -72,7 +72,7 @@ APACHE_CONF_INCLUDE_DIRS=""
 # apache's default installation
 # APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
 # your settings
-APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
+APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 reqtimeout"
 
 
 ## Type:	string