On 11.05.2013 19:49, Eric Covener wrote:
>> localhost
>> test with request: 10 seconds
>> test without request: 41 seconds
> 
> As the manual says:
> 
> When an AcceptFilter is in use (usually the case on Linux and
> FreeBSD), the socket is not sent to the server process before at least
> one byte (or the whole request for httpready) is received. The header
> timeout configured with RequestReadTimeout is only effective after the
> server process has received the socket.

I did read the manual

but that does not change the fact that there is an open connection
which affects connection tracking of firewalls and NAT devices

> But it's not of much consequence since a thread is not consumed.
> 
> On Linux, it looks like the call to setsockopt TCP_DEFER_ACCEPT is
> hard-coded to 30 seconds --   + 10 seconds in mod_reqtimeout

which is still way too much if you are under a real distributed
DOS, been there, died there

"CONFIG proxy.config.net.defer_accept INT 1" of Trafficserver
is a damned good idea in such cases - in real life it never takes
longer than 1 second and even if - it's configurable
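
An added example, not part of the thread and not Apache httpd or Traffic Server code: a minimal Linux listener that takes the TCP_DEFER_ACCEPT timeout as a parameter instead of hard-coding it, and reads back the value the kernel stored. The function name, the loopback address and the ephemeral port are assumptions made for the demo.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open a loopback TCP listener and ask the kernel to
 * hold completed handshakes for up to defer_secs until data arrives
 * (0 disables deferral). Returns the fd or -1; *effective receives the
 * value the kernel reports back for the option. */
int make_deferred_listener(int defer_secs, int *effective)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                 /* constructed: any free port */

    socklen_t len = sizeof *effective;
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(fd, 128) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT,
                   &defer_secs, sizeof defer_secs) < 0 ||
        getsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, effective, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* 1 s as suggested in the reply, 30 s as quoted for httpd on Linux */
    int wanted[] = { 0, 1, 30 };
    for (size_t i = 0; i < sizeof wanted / sizeof wanted[0]; i++) {
        int eff = -1;
        int fd = make_deferred_listener(wanted[i], &eff);
        if (fd < 0) { perror("listener"); return 1; }
        printf("requested %2d s, kernel reports %d s\n", wanted[i], eff);
        close(fd);
    }
    return 0;
}
```

The value read back can be larger than the one requested, so compare the reported figure, not the configured one, against firewall and NAT connection-tracking timeouts.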
