HTTP server timeout setting

  • Thread starter brother_of_karamazov

brother_of_karamazov

Anyone have an idea why Denver recommends the timeout in httpd.conf be set to some high number (2x WAS timeout)?


From the Apache docs:

The TimeOut directive currently defines the amount of time Apache will wait for three things:

1. The total amount of time it takes to receive a GET request.
2. The amount of time between receipt of TCP packets on a POST or PUT request.
3. The amount of time between ACKs on transmissions of TCP packets in responses.


The default in Apache is 300 seconds. Setting the timeout to a number Denver wants, like 4800 seconds (80 minutes), would only make Apache wait 80 minutes to process a GET, POST or PUT.

This doesn't seem to make sense. I have left it set to 300 seconds on several clients with no seeming ill effects. I'd just like to understand what Denver has in mind.
 
I have always left it at the 300 seconds when I have the choice. My reading of the setting is that it has nothing to do with session timeouts and is only related to timeouts at the network transport level. I figure someone in JDE just read various documents and lumped it into the recommended settings because the setting had "timeout" in its name. They have included it in the recommendations since the very beginning going back to WAS 3.5. Successive authors of the recommendation document have pretty much just cut and pasted the same information. I have logged a few cases over the years to ask for a formal explanation of the setting but have always just received a cookie-cutter response telling me just to follow the recommendations.

I have set it to the 2x App server timeout when a site demanded it based on their reading of the documentation or a desire to follow the official recommendation. A high value doesn't seem to cause a problem in an internal LAN environment. In a public internet situation I have often seen the recommendation to *lower* this setting to something like 10 seconds to reduce the impact of denial-of-service attacks.
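
An added example, not part of the thread or of any vendor tooling: a small audit that finds every active `TimeOut` directive in an httpd.conf and classifies it against the figures discussed above (300 s default, 2x the app-server timeout, 10 s for internet-facing servers). The sample configuration, the host name and the 2400 s WAS timeout used in testing are constructed assumptions.

```python
import re

# Figures from the thread: the Apache default quoted in the first post (check
# the docs for your Apache version) and the internet-facing value in the reply.
DEFAULT_TIMEOUT, PUBLIC_LIMIT = 300, 10

_TIMEOUT = re.compile(r"^\s*TimeOut\s+(\d+)\s*$", re.IGNORECASE)
_VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
_VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)

# Constructed sample configuration (hypothetical host name).
SAMPLE_CONF = """\
# TimeOut 300
ServerName jde-web.example.test
Timeout 4800
<VirtualHost *:443>
    TimeOut 10
</VirtualHost>
"""

def find_timeouts(conf_text):
    """Return (line_no, scope, seconds) for each active TimeOut directive."""
    found, scope = [], "server"
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directive
            continue
        vhost = _VHOST_OPEN.match(line)
        if vhost:
            scope = "vhost " + vhost.group(1).strip()
        elif _VHOST_CLOSE.match(line):
            scope = "server"
        elif _TIMEOUT.match(line):
            found.append((no, scope, int(_TIMEOUT.match(line).group(1))))
    return found

def audit(conf_text, was_timeout, internet_facing):
    """Classify each TimeOut as HIGH_FOR_PUBLIC, 2X_WAS or OK."""
    hits = find_timeouts(conf_text)
    if not any(scope == "server" for _, scope, _ in hits):
        # No server-level directive: the built-in default applies.
        hits.insert(0, (0, "server (default)", DEFAULT_TIMEOUT))
    report = []
    for no, scope, secs in hits:
        if internet_facing and secs > PUBLIC_LIMIT:
            status = "HIGH_FOR_PUBLIC"
        else:
            status = "2X_WAS" if secs >= 2 * was_timeout else "OK"
        report.append((no, scope, secs, status))
    return report
```

Calling `audit(SAMPLE_CONF, was_timeout=2400, internet_facing=True)` reports the server-level 4800 s value as too high for a public server, while the 10 s virtual-host override passes.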
 