- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 20 Jun 2011 23:56:03 +0200
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Jan Starke <jan.starke@outofbed.org>, ietf-http-wg@w3.org
On Mon, Jun 20, 2011 at 09:41:10PM +0000, Poul-Henning Kamp wrote:
> In message <20110620211911.GL2897@1wt.eu>, Willy Tarreau writes:
> >On Mon, Jun 20, 2011 at 05:03:32PM +0000, Poul-Henning Kamp wrote:
> >
> >> There is no possible timeout value which will both serve slow clients
> >> in bad connectivity (iPhone4 ?) and prevent DoS attacks.
> >
> >Yes in practice you can because even with bad connectivity you're generally
> >interested in covering holes as large as 30-60 seconds,
>
> Well your server may not crash, but it does not serve legitimate
> traffic either.

I'm sorry, I don't see your point. Why are you saying that the server
does not serve legitimate traffic? It will only break the dead connection
but still serve all other ones well, that's the point of timeouts.

Also that's why some protocols with very long sessions implement an
application-level keep-alive (e.g. SSH). That way it's possible to have
reasonable timeouts (e.g. twice the keep-alive interval) without keeping
dead connections forever.

Willy
Received on Monday, 20 June 2011 21:56:36 UTC
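
The timeout argument in the message above, as an added example that is not code from the thread or from any software it mentions: a simulated server closes connections that stay silent for longer than twice the keep-alive interval. The 15-second interval, the class and function names, and the three sample peers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

KEEPALIVE_INTERVAL = 15                  # seconds between keep-alives (assumed value)
IDLE_TIMEOUT = 2 * KEEPALIVE_INTERVAL    # "twice the keep-alive interval"


@dataclass
class Conn:
    name: str
    last_seen: float = 0.0               # time of the last byte received from the peer


class IdleReaper:
    """Tracks connections and closes those silent for longer than the timeout."""

    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.conns = {}

    def accept(self, name, now):
        self.conns[name] = Conn(name, now)

    def on_data(self, name, now):
        # Any traffic, including a keep-alive message, refreshes the deadline.
        if name in self.conns:
            self.conns[name].last_seen = now

    def reap(self, now):
        dead = [n for n, c in self.conns.items() if now - c.last_seen > self.timeout]
        for n in dead:
            del self.conns[n]            # only the silent connection is dropped
        return dead


def simulate(duration=120, tick=5):
    """Constructed scenario: one peer sends keep-alives, one stalls for 25 s at a
    time (bad connectivity), one never sends anything after connecting."""
    srv = IdleReaper()
    for name in ("keepalive", "slow", "silent"):
        srv.accept(name, 0)
    closed = {}
    for now in range(tick, duration + 1, tick):
        if now % KEEPALIVE_INTERVAL == 0:
            srv.on_data("keepalive", now)
        if now % 25 == 0:
            srv.on_data("slow", now)
        for name in srv.reap(now):
            closed[name] = now           # record when each connection was closed
    return sorted(srv.conns), closed
```
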