Hi,
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Thorpe
>
> There's also the other angle too: any old x86 with a tcp/ip stack
> and a modem
> can open a few (hundred) connections to your server and keep reconnecting
> whenever they're disconnected, the result can be quite annoying.
> This is the
> same reason that the "Timeout" should be kept as low as
> acceptable, otherwise
> the same old x86 can trickle bytes through 1-by-1 to prevent
> getting timed out,
> and tie up a number of your server processes for as long as they see fit.
Yep, I thought of this, what do you consider an acceptable timeout for keep
alives? The default KeepAliveTimeout is 15 seconds, the default Timeout is
300 seconds.
It seems to me that even without keep alives turned on it's trivial for a
client to flood the server with a few hundred connect requests to keep
Apache processes busy, so turning on keep alives doesn't really do anything
but tie up httpd processes for longer under normal loads.
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
