Hey guys, I am making a denial of service attack on my Apache configuration and I need to change the timeout variable inside the Apache configuration.

My issue is, I can’t find the timeout line or any other insructions inside the httpd.conf file.(Inside etc/apache2)

All the file contains are includes to other files and I’ve looked in all of them without success(expcet for the keepAlive).

Is it possible that these lines are not inside my configuration? I doubt it because my DoS attack didn’t even affect Apache.

P.S I used Yast to install apache2.

Maybe I’m missing something but how does timeout effect a DoS? Unless I’m mistaken it’s more a question of how many people you can reply to i.e concurrency.

Not whether one person hangs around that is taking little bandwidth.

I got to 20 and was seeing noticeable affects had I had better cooling I might of pushed it further but it was already too hot for my liking.

Anyway my understanding is the default is 300 secs already, which kinda confirms my thoughts, I doubt pushing it up further is going to help the DoS. https://httpd.apache.org/docs/2.0/mod/core.html#timeout

All I want to know, is WHY does the <timeout> variable or many others AREN’T in my HTTPD.CONF file.

Maybe it stores it somewhere else, cause on Ubuntu it’s all inside apache.conf

It just uses the compiled default of 300 if not specified. You can add it yourself if you like, either in server-tuning.conf or inside a vhost conf.

core - Apache HTTP Server

I don’t see from the description how it would help much with a DoS, but there’s nothing to stop you setting it lower.