On 23.05.2013 15:14, Dirk-Willem van Gulik wrote:
> On 11 May 2013, at 20:26, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>> after the connection is established and in case of connect
>> you have already passed the TCP transmissions and kernel
>> settings like
>>
>> net.ipv4.tcp_fin_timeout = 5
>> net.ipv4.tcp_retries1 = 5
>> net.ipv4.tcp_syn_retries = 5
>> net.ipv4.tcp_synack_retries = 5
>
> The way I usually deal with this is three fold - and I think that it a)
> behoves apache/traffic server to allow admins to configure this in widely
> varying ways while b) have somewhat sane middle of the road settings.
>
> So am doubtful if this sort of knowledge should be part of the default.
>
> Think that those settings should be fairly conservative - designed to work in
> a wide range of settings.
>
> Even if that means you can hog resources remotely with relative ease - as it
> is hard to know ahead of time if this is an enterprise-server sending large
> java generated blobs to people on a local LAN or a small server doing short
> ajax-y replies to mobile clients with 10's of seconds idleness in lots of
> parallel connections.
>
> Just my 2 pence

in case of get not a single byte after the TCP connection is established
and *not a single byte sent* this all does not matter and at least it
should be configurable to close such connections after XX seconds not
sending a single byte instead of overloading NAT-routers in front of the
server easily
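
The behaviour asked for in the reply above (close a connection that has sent nothing within XX seconds of being accepted), as an added example that is not part of the original messages and not Apache httpd or Traffic Server code. It is a toy asyncio server; the 0.5 second timeout and the names `handle` and `demo` are assumptions made for the illustration.

```python
import asyncio

FIRST_BYTE_TIMEOUT = 0.5  # the "XX seconds" from the message; value assumed


async def handle(reader, writer, timeout, stats):
    """Serve a client only if it sends something within `timeout` seconds."""
    try:
        first = await asyncio.wait_for(reader.read(4096), timeout)
    except asyncio.TimeoutError:
        # Connection established, not a single byte received: free the slot.
        stats["idle_closed"] += 1
        first = b""
    if first:
        stats["served"] += 1
        writer.write(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")
        await writer.drain()
    writer.close()
    await writer.wait_closed()


async def demo(timeout=FIRST_BYTE_TIMEOUT):
    """Run the server on localhost with one silent and one talking client."""
    stats = {"idle_closed": 0, "served": 0}
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, timeout, stats), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]

    # Constructed client 1: connects and then stays silent.
    r1, w1 = await asyncio.open_connection("127.0.0.1", port)
    # Constructed client 2: sends a request straight away.
    r2, w2 = await asyncio.open_connection("127.0.0.1", port)
    w2.write(b"GET / HTTP/1.0\r\n\r\n")
    await w2.drain()
    reply = await r2.read()  # full response, then EOF

    # The silent client sees EOF once the first-byte timer fires.
    idle_eof = await asyncio.wait_for(r1.read(), timeout * 10)

    for w in (w1, w2):
        w.close()
        await w.wait_closed()
    server.close()
    return stats, reply, idle_eof


if __name__ == "__main__":
    print(asyncio.run(demo()))
```

The timer here covers only the first read; a production server also needs a limit on how slowly the rest of the request may arrive.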