Configuring WebSEAL connection timeout settings

Edit the WebSEAL configuration file so that you can configure the timeout settings for HTTP and HTTPS communication.

About this task

The following flow diagram shows where the timeout settings affect an example request and response exchange. The number of fragments that are indicated for the request and the response are for sample purposes only.

Figure 1. Timeout settings for HTTP and HTTPS communication
Timeout settings for HTTP and HTTPS communication

The stanza entries for timeout settings are in the server stanza of the WebSEAL configuration file.

Specifies how long WebSEAL holds the connection open for the initial HTTP or HTTPS request after the initial connection handshake. The default value is 120 seconds.
client-connect-timeout = 120
Specifies the number of seconds, between each request data fragment when request and response data is sent as two or more fragments.
The stanza entry also governs the timeout between response data fragments after the first data fragment is returned by WebSEAL. The default value is 60 seconds.
intra-connection-timeout = 60
If the value of this stanza entry is 0, connection timeouts between data fragments are governed by the client-connect-timeout stanza entry. The exception to this rule occurs for responses that are returned over HTTP or TCP. In this case, there is no timeout between response fragments.
If a connection timeout occurs on a non-first data fragment due to the intra-connection-timeout setting, a TCP reset packet is sent.
Controls the maximum number of seconds that WebSEAL holds an HTTP persistent connection open for a new client request before the connection is shut down.
The HTTP persistent connection opens after the HTTP request and server response exchange is complete. The default value is 5 seconds.
persistent-con-timeout = 5
If the value of this stanza entry is 0, the connection does not remain open for future requests. A value of zero causes WebSEAL to set the Connection: close header and then close the connection on every response.
Note: The timeout setting on the junction side is set by the persistent-con-timeout entry in the [junction] stanza.


  1. Log in to the local management interface.
  2. From the top menu, select Secure Web Settings > Manage > Reverse Proxy.
  3. Select your instance.
  4. Select Manage > Configuration > Edit Configuration File.
  5. Edit the stanza by using the information in About this task.
  6. Save and deploy your changes.