From: Stefan Fritsch Date: Sun, 24 Jan 2010 17:27:41 +0000 (+0000) Subject: Note that a firewall silently dropping packets is a mis-configuration. X-Git-Tag: 2.3.6~556 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2211d9de6c2199e8aa82bc399c77571eebf2a565;p=thirdparty%2Fapache%2Fhttpd.git Note that a firewall silently dropping packets is a mis-configuration. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@902605 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml index 177dab95cb0..2b129364559 100644 --- a/docs/manual/mod/mod_ldap.xml +++ b/docs/manual/mod/mod_ldap.xml @@ -663,7 +663,9 @@ connection client certificates. the LDAP_OPT_TIMEOUT option in the underlying LDAP client library, when available.

If the timeout expires, httpd will retry in case an existing connection has - been silently dropped by a firewall.

+ been silently dropped by a firewall. However, performance will be much better if + the firewall is configured to send TCP RST packets instead of silently dropping + packets.

Timeouts for ldap compare operations requires an SDK with LDAP_OPT_TIMEOUT, such as OpenLDAP >= 2.4.4.
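
Review bot: The added sentence ("However, performance will be much better if the firewall is configured to send TCP RST packets instead of silently dropping packets.") does not say why performance improves, and it is weaker than the commit subject, which calls silent dropping a mis-configuration. Tie it to the sentence before it: with a silent drop, httpd only finds out the connection is dead when the timeout expires and then retries, so every such request pays the full timeout. Wording along the lines of "... send TCP RST packets, so that httpd does not have to wait for the timeout before retrying" would make the cost concrete, and the text could state outright that silently dropping is considered a mis-configuration if that is the intent. Minor, while this paragraph is being touched: the trailing context line reads "Timeouts for ldap compare operations requires"; "LDAP" and "require" would be correct.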