Protecting nginx from syn flood and DOS vs legit heavy traffic

Rt Ibmer rtibmx at
Wed Jul 2 19:08:47 MSD 2008

> A severe TCP connect attack would impact nginx more, but
> the affect of it
> can be
> minimized with a small client_header_timeout and/or
> client_body timeout.

Thanks for the tips. Can you explain what LEGITIMATE conditions could cause a client_header_timeout and/or client_body_timeout condition?

The default for those is 60 seconds which seems much higher than I think we need, so I would like to more aggressively shrink those down.

In case it matters, our nginx is the front end server for a web service.  Basically we get a request for a small htm or xml or js or gif file and serve it, and then that is the end of the content.

What setting do you think I can use for those timeouts to be more aggressive but without running the chance of returning timing legitimate requests out?  Thanks!!


More information about the nginx mailing list