Hi all,
Could I get +1s for the following patch? This patch is to prevent broken (or malicious) clients from taking up connection resources on the reverse proxies if they don't finish sending their request within a reasonable period of time (10 seconds for headers should be more than enough). This has been live on proxy02 for about 8 hours now, and resulted in a lot lower CPU usage.
commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk puiterwijk@redhat.com
Date: Wed Oct 14 16:35:26 2015 +0000
Set requesttimeout on headers
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com
diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml index 45140d9..b909de9 100644 - --- a/roles/httpd/proxy/tasks/main.yml +++ b/roles/httpd/proxy/tasks/main.yml @@ -25,6 +25,7 @@ - 00-namevirtualhost.conf - 01-keepalives.conf - 02-ticketkey.conf + - 03-reqtimeout.conf notify: - restart httpd tags: diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf b/roles/httpd/proxy/templates/03-reqtimeout.conf new file mode 100644 index 0000000..595595c - --- /dev/null +++ b/roles/httpd/proxy/templates/03-reqtimeout.conf @@ -0,0 +1 @@ +RequestReadTimeout header=10
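Review bot: In the new 03-reqtimeout.conf, the single line `RequestReadTimeout header=10` is not wrapped in an `<IfModule reqtimeout_module>` guard, so the `restart httpd` handler notified from tasks/main.yml will fail on any proxy where mod_reqtimeout is not loaded; either guard the directive or have the role ensure the module is loaded. The line also sets only the header stage, while the description talks about clients that do not finish sending their request: a client that sends its headers promptly and then stalls on the body is not bounded by this line, so consider adding a body= stage (with a MinRate so that large legitimate uploads are not cut off) or saying in the commit message that body timeouts are intentionally left alone. A one-line comment in the file recording why 10 seconds was chosen would help whoever tunes it next.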
--
With kind regards,
Patrick Uiterwijk
Fedora Infra