httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Mitigating the Slowloris DoS attack
Date Mon, 22 Jun 2009 18:00:25 GMT
Andreas Krennmair wrote:
> * Guenter Knauf <fuankg@apache.org> [2009-06-22 04:30]:
>> wouldnt limiting the number of simultanous connections from one IP
>> already help? F.e. something like:
>> http://gpl.net.ua/modipcount/downloads.html
> 
> Not only would this be futile against the Slowloris attack (imagine n
> connections from n hosts instead of n connections from 1 host), it would
> also potentially lock out groups of people behind the same NAT gateway.

FWIW mod_remoteip can be used to partially mitigate the weakness of this
class of solutions.

However, it only works for known, trusted proxies, and can only be safely
used for those with public IP's.  Where the same 10.0.0.5 on your private
NAT backed becomes the same 10.0.0.5 within the apache server's DMZ, the
issues like Allow from 10.0.0.0/8 become painfully obvious.  I haven't
found a good solution, but mod_remoteip still needs one, eventually.

Mime
View raw message