httpd-dev mailing list archives

From Guenter Knauf <fua...@apache.org>
Subject Re: Mitigating the Slowloris DoS attack
Date Mon, 22 Jun 2009 02:27:16 GMT
Hi Andreas,
Andreas Krennmair wrote:
> For those who are still unaware of the Slowloris attack, it's a
> denial-of-service attack that consumes Apache's resources by opening up
> a great number of parallel connections and slowly sending partial
> requests, never completing them. Since Apache limits the number of
> parallel clients it serves (the MaxClients setting), this blocks further
> requests from being completed. Unlike other "traditional" TCP DoS
> attacks, this HTTP-based DoS attack requires only very little network
> traffic in order to be effective.  Information about the Slowloris
> attack including a PoC tool was published here:
> http://ha.ckers.org/slowloris/
> 
> I thought for some time about the whole issue, and then I developed a
> proof-of-concept patch for Apache 2.2.11 (currently only touches the
> prefork MPM), which you can download here:
> http://synflood.at/tmp/anti-slowloris.diff
Wouldn't limiting the number of simultaneous connections from one IP
already help? E.g. something like:
http://gpl.net.ua/modipcount/downloads.html

Guenter.
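
The per-IP limit suggested in this message, as an added example that is not part of the original post and is not code from Apache or the linked module: a toy model of a worker pool capped by MaxClients, replayed with and without a per-IP cap. The class and function names, the limits and the sample addresses are constructed for illustration.

```python
from collections import Counter


class SlotPool:
    """Toy model of a prefork-style worker pool capped by MaxClients."""

    def __init__(self, max_clients, per_ip_limit=None):
        self.max_clients = max_clients
        self.per_ip_limit = per_ip_limit  # None = no per-IP cap (assumed knob)
        self.active = Counter()           # ip -> connections holding a slot

    def open(self, ip):
        """Try to give a new connection a worker slot; return (ok, reason)."""
        if self.per_ip_limit is not None and self.active[ip] >= self.per_ip_limit:
            return False, "per-ip-limit"
        if sum(self.active.values()) >= self.max_clients:
            return False, "max-clients"
        self.active[ip] += 1
        return True, "accepted"

    def close(self, ip):
        """Connection finished (request completed or timed out)."""
        if self.active[ip] > 0:
            self.active[ip] -= 1
            if self.active[ip] == 0:
                del self.active[ip]


def replay(events, max_clients, per_ip_limit=None):
    """Replay (action, ip) events; return (ip, reason) for every open."""
    pool = SlotPool(max_clients, per_ip_limit)
    results = []
    for action, ip in events:
        if action == "open":
            results.append((ip, pool.open(ip)[1]))
        elif action == "close":
            pool.close(ip)
    return results


# Constructed sample: one address opens 20 connections and never completes
# them, then an unrelated client connects. Addresses are documentation ranges.
SAMPLE = [("open", "203.0.113.5")] * 20 + [("open", "198.51.100.7")]

if __name__ == "__main__":
    for limit in (None, 4):
        outcome = replay(SAMPLE, max_clients=10, per_ip_limit=limit)
        print(f"per_ip_limit={limit}: last client -> {outcome[-1][1]}")
```

A per-IP cap also applies to every client behind a shared NAT or proxy address, so the limit has to be chosen with those users in mind.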

