https://issues.apache.org/bugzilla/show_bug.cgi?id=56751

--- Comment #3 from Eric Covener <[email protected]> ---
> I think editing the example might be the first step, so future
> mod_reqtimeout users won't be vulnerable.

Is what you're referring to as "the example" the text next to the word
"Default" in the manual?  The default is not an example, it's what you get by
default when you don't use the directive.  In other words, the compiled-in
defaults for the module. Is that what you're lobbying for to be 40 seconds?

As I said before, there are plenty of examples that use a timeout for the body.
But the user has to select one.

Please start a thread over on [email protected] if you want to discuss a
change to the defaults in the 2.4 or 2.2 maintenance stream -- I am personally
not in favor, but that is the proper place for discussion.

> Is there a common channel to inform all the distributions that ship with
> Apache httpd, so they could consider changing their default configuration?

Not really.
