Hi http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html i am missing such a option for Trafficserver this would mitigate a lot of Slowloris-like DOS-attacks
<IfModule mod_reqtimeout.c> RequestReadTimeout "header=10-15,MinRate=500" </IfModule> ____________________________________________________ the same request as below is terminated by httpd after 10 seconds while Trafficserver waits "no_activity_timeout" to close it CONFIG proxy.config.http.transaction_no_activity_timeout_in INT 60 is in no way compareable, because if you lower this to 10 seconds you kill any request targeted to a longer running PHP script on the origin server what happens application and load-dependent httpd does even not terminate the following script with "Timeout 30" and "RequestReadTimeout" with setting above <?php sleep(90); echo 'TEST'; ?> ____________________________________________________ [harry@srv-rhsoft:~/Desktop]$ ./timeout.sh Sa 11. Mai 14:50:43 CEST 2013 Trying 10.0.0.4... Connected to proxy. Escape character is '^]'. GET / HTTP/1.1 Connection closed by foreign host. Sa 11. Mai 14:51:46 CEST 2013 [harry@srv-rhsoft:~/Desktop]$ ./timeout.sh Sa 11. Mai 15:00:37 CEST 2013 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET / HTTP/1.1 HTTP/1.1 408 Request Timeout Server: Apache Content-Length: 545 Connection: close Content-Type: text/html; charset=iso-8859-1 Connection closed by foreign host. Sa 11. Mai 15:00:48 CEST 2013 ____________________________________________________ that is the test-script after call it simply paste "GET / HTTP/1.1" in the telnet session and press enter and look how long timeout takes [harry@srv-rhsoft:~/Desktop]$ cat timeout.sh #!/bin/bash date telnet localhost 80 date
signature.asc
Description: OpenPGP digital signature
