-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi all,
Could I get +1s for the following patch?
This patch is to prevent broken (or malicious) clients from
taking up connection resources on the reverse proxies if they
don't finish sending their request within a reasonable period
of time (10 seconds for headers should be more than enough).
This has been live on proxy02 for about 8 hours now, and resulted
it a lot lower CPU usage.
commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Wed Oct 14 16:35:26 2015 +0000
Set requesttimeout on headers
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index 45140d9..b909de9 100644
- --- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -25,6 +25,7 @@
- 00-namevirtualhost.conf
- 01-keepalives.conf
- 02-ticketkey.conf
+ - 03-reqtimeout.conf
notify:
- restart httpd
tags:
diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf b/roles/httpd/proxy/templates/03-reqtimeout.conf
new file mode 100644
index 0000000..595595c
- --- /dev/null
+++ b/roles/httpd/proxy/templates/03-reqtimeout.conf
@@ -0,0 +1 @@
+RequestReadTimeout header=10
- --
With kind regards,
Patrick Uiterwijk
Fedora Infra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo
NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU
yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO
xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q
pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN
enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5
G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V
6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN
y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd
h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K
ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA
VBxy1T3ar9B9LAFR/2/w
=KuEj
-----END PGP SIGNATURE-----