# # Set timeout and minimum data rate for receiving requests to limit # the effects of denial of service attacks that connect, but let the # server wait for the completion of the request, thereby allocating # resources. The most commonly name for this attack method is # slowloris. # # mod_reqtimeout.c must be loaded. # # see https://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html # or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en # # Note: # the RequestReadTimeout directive can also be placed into a # virtual host context. # # Play around with variations of the below values if you are # under attack from slowloris or a similar tool. # allow 10s timeout for the headers and allow 1s more until 20s upon # receipt of 1000 bytes. # almost the same with the body, except that it is tricky to # limit the request timeout within the body at all - it may take # time to generate the body. RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000