While mucking around with mod_proxy and mod_proxy_connect using Apache 2.4 (httpd24) on CentOS, I found I was getting connections dropped at frequent intervals with the client side errorWrite failed: Broken pipe
Enabling debugging on the server side gave me this output# ip's redacted [Mon Mar 24 22:49:31.775113 2014] [reqtimeout:info] [pid 6626] [client 188.8.131.52:62147] AH01382: Request header read timeout [Mon Mar 24 22:49:31.775193 2014] [ssl:info] [pid 6626] (70007) The timeout specified has expired: [client 184.108.40.206:62147] AH01991: SSL input filter read failed. [Mon Mar 24 22:49:31.775211 2014] [proxy_connect:debug] [pid 6626] mod_proxy_connect. c(183):(70007)The timeout specified has expired: [client 220.127.116.11:62147] AH01018: error on client - ap_get_brigade
Which led me in the direction of mod_reqtimeout. Why I hadn’t come across this previously became apparent when I noticed this bit in the directive: ‘Compatibility: …; defaulted to disabled in version 2.3.14 and earlier.’
I was able to stop the timeout by adding the following to my VirtualHostRequestReadTimeout header=0,MinRate=500 body=0,MinRate=500
However, this isn’t ideal because it defeats the purpose of the mod - that is, to prevent DDoS attacks like Slowloris
The mod gets applied at the contexts: ‘server config, virtual host’, so can’t be set for a specific category.