[This is preliminary documentation and subject to change]

Setting Connection Timeout

This topic is under construction.

In addition, IIS6.0 will support connection limits over all sites total. This value, set at the /LM/W3SVC metabase level, restricts all connections to the web server itself.

The UI for the W3SVC itself (right-click the Web-Sites folder -> properties) should allow one to set the overall W3SVC connection limit setting.

When changing the total W3SVC connection limit in the WWW Service Master Properties UI, the UI should change the MaxGlobalConnections setting under the metabase path /LM/W3SVC.

IIS6.0 uses 2 properties to control connection limits:

MaxConnections: specifies the maximum number of simultaneous connections to a site. On Professional and Personal editions of Whistler, the valid values are 0-10. All other Whistler platforms have valid values from 0-unlimited (0xFFFFFFFF).
MaxGlobalConnections: specifies the maximum number of simultaneous connections to the server. The range of acceptable values is 0-unlimited (0xFFFFFFFF). This value is not applicable on Professional and Personal editions of Whistler.

IIS6.0 does not make use of the MaxEndpointConnectionssetting.

Given that the connection limits functionality has changed, the following needs to be documented completely:

The fact that now W3SVC and FTP have separate global connection limits
Changes to the UI on how and where to configure global connection limit properties

Timeouts

In IIS5, users/admins were able to configure the connection timeouts in both the WWW Service Master Properties and the Site configuration as well (under Web Site tab). Users should still be able to configure connection limits in the same places for IIS6.

As mentioned in Section 5.2, Connection Timeouts in IIS6 involve 3 settings:

ConnectionTimeout: specifies the amount of time the server will wait before disconnecting an idle connection. Assumes the functional role of the IIS5 ServerListenTimeout property, the purpose of which is to tell the server the amount of time to wait before disconnecting a client that has connected but has not sent any data.
MinFileKbSec: specifies the divisor used (min net bandwidth) to determine how long it should take to send the response.
HeaderWaitTimeout: specifies the amount of time, in seconds, the server should wait for all HTTP headers for the request (indicated by a double CR) to be received before disconnecting the client. Used to help prevent a common variant of the DoS attack that attempt to max out connection limits and not have those connections disconnected

Connection Timeouts have changed quite a bit since IIS5. Given this, the following UE requirements need to be met:

ServerListenTimeout functionality has been replaced by the global ConnectionTimeout setting (configured at the w3svc level). It should be noted that this property no longer exists.

To decide whether to limit connections

Use System Monitor to log the Current Connections, Maximum Connections, and Total Connection Attempts counters in at least the Web Service and FTP Service objects. Continue logging until you have a good sense of the normal range; typically, this can take several days, to a week, or more.

To limit the number of connections

In the IIS snap-in, select the Web site and click the Properties button to display its property sheets.
On the Web Site property sheet, select the Limited to option.
Type the maximum number of simultaneous connections you want to allow in the Maximum Connections box.
Note The Unlimited option permits as many simultaneous connections as your bandwidth and processor can support.
Type the connection timeout value in seconds in the Connection Timeout box.

Related Topics

For more information on capacity issues, see About Network Capacity Planning.
For information on how to throttle bandwidth, which is another way to limit connections to your Web server, see Throttling Bandwidth.
For information on setting the CGI timeout, see Caching Applications.
For a list of counters provided by IIS, see Counters Reference.
For a list of all timeout values that can be set by IIS, see Timeouts Reference.