Works On

Viewing:

Ubuntu 24.04 LTS (Noble Numbat)

Same on:

Debian 13 (Trixie)

Other versions:

Details

Size: 21 lines
MD5: 30ef0f5bd709e44eeee85e9f847000c0
SHA256: 1a524eed41c0c58ac98627676e23f784099163f02fe8d8d53c91969d59152b41

/etc/apache2/mods-available/reqtimeout.conf

# mod_reqtimeout limits the time waiting on the client to prevent an
# attacker from causing a denial of service by opening many connections
# but not sending requests. This file tries to give a sensible default
# configuration, but it may be necessary to tune the timeout values to
# the actual situation. Note that it is also possible to configure
# mod_reqtimeout per virtual host.


# Wait max 20 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 40 seconds in total.
# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
# cause problem with ssl enabled virtual hosts: This timeout includes
# the time a browser may need to fetch the CRL for the certificate. If
# the CRL server is not reachable, it may take more than 10 seconds
# until the browser gives up.
RequestReadTimeout header=20-40,minrate=500

# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s
RequestReadTimeout body=10,minrate=500

Copy & Paste

curl:

curl https://exampleconfig.com/api/v1/config/original/30ef0f5bd709e44eeee85e9f847000c0?hint=reqtimeout.conf

wget:

wget -O reqtimeout.conf https://exampleconfig.com/api/v1/config/original/30ef0f5bd709e44eeee85e9f847000c0?hint=reqtimeout.conf

For AI Agents

<prompt><role>DevOps agent</role><source url='https://exampleconfig.com/api/v1/config/original/30ef0f5bd709e44eeee85e9f847000c0?hint=reqtimeout.conf' /><config><app>Apache HTTP Server</app><os>Ubuntu 24.04 LTS (Noble Numbat)</os><location>/etc/apache2/mods-available/reqtimeout.conf</location><lines>21</lines><md5>30ef0f5bd709e44eeee85e9f847000c0</md5><sha256>1a524eed41c0c58ac98627676e23f784099163f02fe8d8d53c91969d59152b41</sha256></config></prompt>

Paste into Claude, ChatGPT, or any AI assistant.

Install Apache HTTP Server

Alpine Linux

sudo apk add apache2

Debian

sudo apt update && sudo apt install apache2

Red Hat Enterprise Linux

sudo yum install httpd

Ubuntu

sudo apt update && sudo apt install apache2

File Location

File Path

/etc/apache2/mods-available/reqtimeout.conf

FAQ

When should I use this reqtimeout.conf?

Use it to restore a missing default, confirm what shipped, or diff against your current Apache HTTP Server config.

How do I restore Apache HTTP Server defaults?

Download the file, back up the current one in /etc/apache2/mods-available/reqtimeout.conf, replace it, then reload or restart Apache HTTP Server.

Is reqtimeout.conf safe for production?

It is the vendor default for Ubuntu 24.04 LTS (Noble Numbat). Treat it as a baseline and review security and performance settings before production use.

How does this differ from other OS versions?

Defaults vary by distro and version. This copy matches Ubuntu 24.04 LTS (Noble Numbat).

Can I use this for Apache HTTP Server troubleshooting?

Yes. Diff it against yours to find drift, then restore only the sections you need.

Apache HTTP Server /etc/apache2/mods-available/reqtimeout.conf