Why are "Request header read timeout" messages in error log when page loads are short?

Question

I am running a Rails application with Apache 2.4.10 and mod_passenger. The site uses https exclusively. I am seeing these messages in my error log:

[Wed May 31 19:05:37.528070 2017] [reqtimeout:info] [pid 11111] [client 10.100.23.2:57286] AH01382: Request header read timeout  
[Wed May 31 19:05:37.530672 2017] [reqtimeout:info] [pid 11229] [client 10.100.23.2:57288] AH01382: Request header read timeout  
[Wed May 31 19:05:37.890259 2017] [reqtimeout:info] [pid 10860] [client 10.100.23.2:57271] AH01382: Request header read timeout  
[Wed May 31 19:05:37.890383 2017] [reqtimeout:info] [pid 10859] [client 10.100.23.2:57272] AH01382: Request header read timeout  
[Wed May 31 19:05:37.890459 2017] [reqtimeout:info] [pid 10862] [client 10.100.23.2:57285] AH01382: Request header read timeout  
[Wed May 31 19:05:37.947942 2017] [reqtimeout:info] [pid 10863] [client 10.100.23.2:57287] AH01382: Request header read timeout 

These messages appear in the error log about two to three seconds after the end of my page load. However, the complete page load takes only a few seconds. I am using mod_reqtimeout with this setting:

RequestReadTimeout header=20-40,minrate=500

Since the page load only takes a few seconds I do not understand why the Request header read timeout messages are being logged to the error log.

Why are these messages appearing and what can I do to remedy this?

Answer 1

Are you sure you are "10.100.23.2"?

reqtimeout as you may already know is to prevent Slow Loris attacks, that is requests that leave the connection open without sending any real data.

In this case, those connections are not sending any headers after 20 seconds, thus Apache ends up closing them.

It could very well be your favourite browser sending gazillions connections to grab content and using just a few, try with some simpler client browser, such as "curl", use a different browser, etc.