<name>mod_reqtimeout</name>
<description>Set timeout and minimum data rate for receiving requests
</description>
-<status>Experimental</status>
+<status>Extension</status>
<sourcefile>mod_reqtimeout.c</sourcefile>
<identifier>reqtimeout_module</identifier>
-<compatibility>Available in Apache 2.2.15 and later</compatibility>
<section id="examples"><title>Examples</title>
Allow 10 seconds to receive the request including the headers and
30 seconds for receiving the request body:
- <example>
+ <highlight language="config">
RequestReadTimeout header=10 body=30
- </example>
+ </highlight>
</li>
<li>
Allow at least 10 seconds to receive the request body.
If the client sends data, increase the timeout by 1 second for every
- 1000 bytes received, with no upper limit for the timeout (exept for
+ 1000 bytes received, with no upper limit for the timeout (except for
the limit given indirectly by
<directive module="core">LimitRequestBody</directive>):
- <example>
+ <highlight language="config">
RequestReadTimeout body=10,MinRate=1000
- </example>
+ </highlight>
</li>
<li>
500 bytes received. But do not allow more than 30 seconds for the
request including the headers:
- <example>
+ <highlight language="config">
RequestReadTimeout header=10-30,MinRate=500
- </example>
+ </highlight>
+ </li>
+
+ <li>
+ Usually, a server should have both header and body timeouts configured.
+ If a common configuration is used for http and https virtual hosts, the
+ timeouts should not be set too low:
+
+ <highlight language="config">
+ RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+ </highlight>
</li>
</ol>
<description>Set timeout values for receiving request headers and body from client.
</description>
<syntax>RequestReadTimeout
-[header=<var>timeout</var>[[-<var>maxtimeout</var>],MinRate=<var>rate</var>]
-[body=<var>timeout</var>[[-<var>maxtimeout</var>],MinRate=<var>rate</var>]
+[header=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
+[body=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
</syntax>
-<default>Unset; no limit</default>
+<default>header=20-40,MinRate=500 body=20,MinRate=500</default>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
+<compatibility>Defaulted to disabled in
+version 2.3.14 and earlier.</compatibility>
<usage>
<p>This directive can set various timeouts for receiving the request headers
is sent.</p>
<p>For SSL virtual hosts, the header timeout values include the time needed
- to do the initial SSL handshake. The body timeout values include the time
- needed for SSL renegotiation (if necessary).</p>
+ to do the initial SSL handshake. If the user's browser is configured to
+ query certificate revocation lists and the CRL server is not reachable, the
+ initial SSL handshake may take a significant time until the browser gives up
+ waiting for the CRL. Therefore the header timeout values should not be set
+ to very low values for SSL virtual hosts.
+ The body timeout values include the time needed for SSL renegotiation
+ (if necessary).</p>
<p>When an <directive module="core">AcceptFilter</directive> is in use
(usually the case on Linux and FreeBSD), the socket is not sent to the
body, respectively. A value of 0 means no limit.</p>
</li>
+ <li><strong>Disable module for a vhost:</strong>:<br />
+
+ <example>header=0 body=0</example>
+
+ <p>This disables <module>mod_reqtimeout</module> completely.</p>
+ </li>
+
<li><strong>Timeout value that is increased when data is
received</strong>:<br />
<example>