Re: Freeze Break Request: Proxy RequestTimeout

2015-10-14 Thread Kevin Fenzi 
+1 here

kevin


pgpxyOnAdnTD9.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Freeze Break Request: Proxy RequestTimeout

2015-10-14 Thread Patrick Uiterwijk 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi all,

Could I get +1s for the following patch?
This patch is to prevent broken (or malicious) clients from
taking up connection resources on the reverse proxies if they
don't finish sending their request within a reasonable period
of time (10 seconds for headers should be more than enough).
This has been live on proxy02 for about 8 hours now, and resulted
it a lot lower CPU usage.



commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk 
Date:   Wed Oct 14 16:35:26 2015 +

Set requesttimeout on headers

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index 45140d9..b909de9 100644
- --- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -25,6 +25,7 @@
   - 00-namevirtualhost.conf
   - 01-keepalives.conf
   - 02-ticketkey.conf
+  - 03-reqtimeout.conf
   notify:
   - restart httpd
   tags:
diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf 
b/roles/httpd/proxy/templates/03-reqtimeout.conf
new file mode 100644
index 000..595595c
- --- /dev/null
+++ b/roles/httpd/proxy/templates/03-reqtimeout.conf
@@ -0,0 +1 @@
+RequestReadTimeout header=10



- -- 
With kind regards,
Patrick Uiterwijk
Fedora Infra
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo
NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU
yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO
xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q
pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN
enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5
G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V
6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN
y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd
h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K
ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA
VBxy1T3ar9B9LAFR/2/w
=KuEj
-END PGP SIGNATURE-
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze Break Request: Proxy RequestTimeout

2015-10-14 Thread Ralph Bean 
On Wed, Oct 14, 2015 at 11:08:11AM -0600, Kevin Fenzi wrote:
> +1 here
> 
> kevin

+1 here too.


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org