
Keepalive Timeout For Security

@Hamm4606531

Posted in: #PageSpeed

We have been recommended to enable keep alive to increase site speed. However, our infrastructure team have mentioned the following security concern:

This could be used for a denial of service attack if it is not handled properly. If these keep alive sessions effectively last, say for 10 minutes, the server has to keep this connection open for 10 minutes regardless of whether any requests or responses are being made. This alone would take up unnecessary server resources that could be used for active connections. An attacker could create multiple TCP connections to a server to overload it with requests to the point it cannot handle any more because of these open sessions.

Is this something that anyone has considered and if so, is a 5 second connection worth it?


2 Comments


@Shakeerah822

Use a keepalive timeout, but do it with Nginx.

Your points about DDoS and performance are correct, but there is a fairly simple way to use a keepalive timeout for performance without worrying that attackers will open more TCP connections than your server can handle. With Nginx proxying connections for you, it uses its own local pool of keepalive connections back to your server(s) so you don't have to worry about this kind of abuse.

One thing to remember though, IE closes connections after 60 seconds by itself so there's no point in setting it longer if you have many IE users.

Your question does not mention which server or protocol (HTTP / HTTPS?) you use, but you should definitely look at using HTTP/2 to serve your site over TLS if high concurrency and speed are the objective.
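An Nginx reverse-proxy configuration along the lines this answer describes, given as an added example that is not part of the original post: it pairs a short client keepalive timeout with idle-connection limits and a reusable upstream pool. The backend address, the names `app_backend` and `per_ip`, and every numeric limit other than the 5-second timeout from the question are assumptions.

```nginx
# Added example, not from the original answer. Backend address, zone name
# and numeric limits are assumptions; tune them for your own traffic.
events {
    worker_connections 4096;          # hard ceiling on sockets per worker
}

http {
    # Client side: bound how long an idle keep-alive connection is held open.
    keepalive_timeout   5s;           # the 5-second value from the question
    keepalive_requests  100;          # recycle a connection after 100 requests

    # Drop clients that connect and then send nothing, or only trickle data.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    reset_timedout_connection on;     # release socket memory as soon as a timeout hits

    # Cap concurrent connections per client address.
    limit_conn_zone   $binary_remote_addr zone=per_ip:10m;
    limit_conn_status 429;

    # Backend side: a small pool of reusable connections to the origin server.
    upstream app_backend {
        server 127.0.0.1:8080;        # assumed origin server
        keepalive 32;                 # idle upstream connections cached per worker
    }

    server {
        listen 80;
        limit_conn per_ip 20;         # at most 20 open connections per address

        location / {
            proxy_pass http://app_backend;
            proxy_http_version 1.1;          # upstream keep-alive needs HTTP/1.1
            proxy_set_header Connection "";  # do not pass "Connection: close" upstream
            proxy_set_header Host $host;
        }
    }
}
```

Validate the file with `nginx -t` before reloading, and watch the error log for `limiting connections by zone` entries to see whether the per-address cap is too tight for legitimate clients behind shared NAT.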


@Chiappetta492

Don't change it. If you do not understand what this does, don't change this type of setting. Frankly, I doubt it'll help anyway if you make any changes, as most settings on a webserver are balanced default settings. If it's off you can turn it on, but changing the settings is more of a special-case-solution.

If it's speed you're after, I suggest the following:


Cache everything that can be cached [1]
Minimize CSS, HTML and JavaScript [2]
Minimize the number of resources (files) you download [2]
Optimize images with services like Kraken.io to reduce size
Enable gzipping [1]


That'll actually give you a noticeable difference.

[1] Tip: You can easily do this with .htaccess
[2] Tip: Make a single PHP file to do this for you
