Looking in the Security Tips document for Apache this is said ... * The TimeOut<https://httpd.apache.org/docs/2.4/mod/core.html#timeout> directive should be lowered on sites that are subject to DoS attacks. Setting this to as low as a few seconds may be appropriate. As TimeOut<https://httpd.apache.org/docs/2.4/mod/core.html#timeout> is currently used for several different operations, setting it to a low value introduces problems with long running CGI scripts.'
The default is 60 seconds, I have had a discussion where I was told maybe 2-5 seconds is a good setting. What is commonly used nowadays in 2.4 on robust networks and architectures? thanks