mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-21 11:58:03 +00:00
036fae0ec9
In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
28 lines
834 B
INI
28 lines
834 B
INI
# This is a test configuration.
|
|
# It is used to check that time units are correctly parsed.
|
|
|
|
global
|
|
maxconn 1000
|
|
stats timeout 3s
|
|
|
|
listen sample1
|
|
mode http
|
|
retries 1
|
|
redispatch
|
|
timeout client 15m
|
|
timeout http-request 6s
|
|
timeout tarpit 20s
|
|
timeout queue 60s
|
|
timeout connect 5s
|
|
timeout server 15m
|
|
maxconn 40000
|
|
bind :8000
|
|
balance roundrobin
|
|
option allbackups
|
|
server act1 127.0.0.1:80 weight 10 check port 81 inter 500ms fall 1
|
|
server act2 127.0.0.2:80 weight 20 check port 81 inter 500ms fall 1
|
|
server act3 127.0.0.3:80 weight 30 check port 81 inter 500ms fall 1
|
|
option httpclose
|
|
stats uri /stats
|
|
stats refresh 5000ms
|