: Keepalive Timeout For Security We have been recommended to enable keep alive to increase site speed. However, our infrastructure team have mentioned the following security concern: This could be

@Shakeerah822

Use a keepalive timeout, but do it with Nginx.

Your points about DDoS and performance are correct, but there is a fairly simple way to use a keepalive timeout for performance without worrying that attackers will open more TCP connections than your server can handle. With Nginx proxying connections for you, it uses its own local pool of keepalive conections back to your server(s) so you don't have to worry about this kind of abuse.

One thing to remember though, IE closes connections after 60 seconds by itself so there's no point in setting it longer if you have many IE users.

Your question does not mention which server or protocol (HTTP / HTTPS?) you use, but you should definitely look at using HTTP/2 to serve your site over TLS if high concurrency and speed are the objective.

Vote Up Vote Down

@Chiappetta492

Don't change it. If you do not understand what this does, don't change this type of setting. Frankly, I doubt it'll help anyway if you make any changes, as most settings on a webserver are balanced default settings. If it's off you can turn it on, but changing the settings is more of a special-case-solution.

If it's speed you're after, I suggest the following:


Cache everything that can be cached 1
Minimize css, html and javascript 2
Minimize the number of resources(files) you download 2
Optimize images with services like Kraken.io to reduce size
Enabled gzipping 1


That'll actually give you a noticable difference.

1Tip: You can easily do this with .htaccess
2Tip: Make a single php file to do this for you

Vote Up Vote Down