<name>mod_reqtimeout</name>
<description>Set timeout and minimum data rate for receiving requests
</description>
-<status>Experimental</status>
+<status>Extension</status>
<sourcefile>mod_reqtimeout.c</sourcefile>
<identifier>reqtimeout_module</identifier>
-<compatibility>Available in Apache 2.3 and later</compatibility>
<section id="examples"><title>Examples</title>
Allow 10 seconds to receive the request including the headers and
30 seconds for receiving the request body:
- <example>
- RequestTimeout headerinit=10 bodyinit=30
- </example>
+ <highlight language="config">
+ RequestReadTimeout header=10 body=30
+ </highlight>
+ </li>
+
+ <li>
+ Allow at least 10 seconds to receive the request body.
+ If the client sends data, increase the timeout by 1 second for every
+ 1000 bytes received, with no upper limit for the timeout (except for
+ the limit given indirectly by
+ <directive module="core">LimitRequestBody</directive>):
+
+ <highlight language="config">
+ RequestReadTimeout body=10,MinRate=1000
+ </highlight>
</li>
<li>
500 bytes received. But do not allow more than 30 seconds for the
request including the headers:
- <example>
- RequestTimeout headerinit=10 headerminrate=500 headermax=30
- </example>
+ <highlight language="config">
+ RequestReadTimeout header=10-30,MinRate=500
+ </highlight>
</li>
<li>
- Allow at least 10 seconds to receive the request body.
- If the client sends data, increase the timeout by 1 second for every
- 1000 bytes received, with no upper limit for the timeout (exept for
- the limit given indirectly by
- <directive module="core">LimitRequestBody</directive>):
+ Usually, a server should have both header and body timeouts configured.
+ If a common configuration is used for http and https virtual hosts, the
+ timeouts should not be set too low:
- <example>
- RequestTimeout bodyinit=10 bodyminrate=1000
- </example>
+ <highlight language="config">
+ RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+ </highlight>
</li>
</ol>
</section>
<directivesynopsis>
-<name>RequestTimeout</name>
+<name>RequestReadTimeout</name>
<description>Set timeout values for receiving request headers and body from client.
</description>
-<syntax>RequestTimeout
-[headerinit=<var>time</var>
-[headerminrate=<var>rate</var> [headermax=<var>time</var>]]]
-[bodyinit=<var>time</var>
-[bodyminrate=<var>rate</var> [bodymax=<var>time</var>]]]
+<syntax>RequestReadTimeout
+[header=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
+[body=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
</syntax>
-<default>Unset; all values 0</default>
+<default>header=20-40,MinRate=500 body=20,MinRate=500</default>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
+<compatibility>Defaulted to disabled in
+version 2.3.14 and earlier.</compatibility>
<usage>
<p>This directive can set various timeouts for receiving the request headers
is sent.</p>
<p>For SSL virtual hosts, the header timeout values include the time needed
- to do the initial SSL handshake. The body timeout values include the time
- needed for SSL renegotiation (if necessary).</p>
+ to do the initial SSL handshake. If the user's browser is configured to
+ query certificate revocation lists and the CRL server is not reachable, the
+ initial SSL handshake may take a significant time until the browser gives up
+ waiting for the CRL. Therefore the header timeout values should not be set
+ to very low values for SSL virtual hosts.
+ The body timeout values include the time needed for SSL renegotiation
+ (if necessary).</p>
<p>When an <directive module="core">AcceptFilter</directive> is in use
(usually the case on Linux and FreeBSD), the socket is not sent to the
server process before at least one byte (or the whole request for
<code>httpready</code>) is received. The header timeout configured with
- <code>RequestTimeout</code> is only effective after the server process has
+ <code>RequestReadTimeout</code> is only effective after the server process has
received the socket.</p>
- <p>For the timeout parameters, the value 0 means no limit.</p>
+ <p>For each of the two timeout types (header or body), there are three ways
+ to specify the timeout:
+ </p>
+
+ <ul>
+
+ <li><strong>Fixed timeout value</strong>:<br />
+
+ <example><var>type</var>=<var>timeout</var></example>
+
+ <p>The time in seconds allowed for reading all of the request headers or
+ body, respectively. A value of 0 means no limit.</p>
+ </li>
- <dl>
+ <li><strong>Disable module for a vhost:</strong>:<br />
- <dt><code>headerinit</code></dt>
- <dd>The initial timeout for receiving the request headers in seconds.
- Also the timout for receiving the first byte of the request. If
- <code>headerminrate</code> is not set, the request line and all headers
- must be received within this time.</dd>
+ <example>header=0 body=0</example>
- <dt><code>headerminrate</code></dt>
- <dd>The minumum data rate for receiving the request headers in
- bytes/second. Whenever data is received, the timeout is increased
- according to this data rate.</dd>
+ <p>This disables <module>mod_reqtimeout</module> completely.</p>
+ </li>
- <dt><code>headermax</code></dt>
- <dd>The maximum timeout for receiving the request headers in seconds.
- The timeout cannot be increased above this value by
- <code>headerminrate</code>.</dd>
+ <li><strong>Timeout value that is increased when data is
+ received</strong>:<br />
+ <example>
+ <var>type</var>=<var>timeout</var>,MinRate=<var>data_rate</var>
+ </example>
- <dt><code>bodyinit</code></dt>
- <dd>The initial timeout for receiving the request body in seconds.
- Also the timout for receiving the first byte of the request body. If
- <code>bodyminrate</code> is not set, the complete request body must be
- received within this time.</dd>
+ <p>Same as above, but whenever data is received, the timeout value is
+ increased according to the specified minimum data rate (in bytes per
+ second).</p>
+ </li>
- <dt><code>bodyminrate</code></dt>
- <dd>The minumum data rate for receiving the request body in
- bytes/second. Whenever data is received, the timeout is increased
- according to this data rate.</dd>
+ <li><strong>Timeout value that is increased when data is received, with an
+ upper bound</strong>:<br />
+ <example>
+ <var>type</var>=<var>timeout</var>-<var>maxtimeout</var>,MinRate=<var>data_rate</var>
+ </example>
- <dt><code>bodymax</code></dt>
- <dd>The maximum timeout for receiving the request body in seconds.
- The timeout cannot be increased above this value by
- <code>bodyminrate</code></dd>
+ <p>Same as above, but the timeout will not be increased above the second
+ value of the specified timeout range.</p>
+ </li>
- </dl>
+ </ul>
</usage>