httpd-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: mod_noloris: mitigating against slowloris-style attack
Date Thu, 25 Jun 2009 14:19:25 GMT
Plüm, Rüdiger, VF-Group wrote:

>> Is this worth hacking up, or more trouble than it saves?
> 
> I guess the approach is good, but there are already modules in the
> wild that provide this. So the question is: Should we do our own?
> BTW: I remember that there was a request a while ago to move mod_limitipconn
> (one of those modules) inside httpd, but I haven't got the archives
> at hand right now to check. Maybe an idea to come back to this.

mod_limitipconn works at the request level, so won't help with
slowloris-style attacks.  Same goes for mod_evasive - someone
posted "mod_evasive doesn't help" on users@, and that'll be why.

I'm not sure whether any of the traffic-management modules
work on connections (anyone know)?  If so, then yes, we could
just point to them as a fix until we produce something better
than mod_noloris.

-- 
Nick Kew
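
The distinction drawn in the message above, between a limit evaluated per request and one evaluated per connection, can be seen in a small model. This is an added example, not part of the original message and not code from mod_limitipconn, mod_evasive or mod_noloris; the event stream, the `run` function and the limit of 3 are constructed for illustration.

```python
from collections import Counter

# Constructed event stream (not real traffic): (event, connection id, client IP).
#   "accept"  = TCP connection accepted
#   "request" = complete request headers received
#   "close"   = connection closed
# 203.0.113.9 opens connections and never completes a request, which is the
# slowloris-style pattern discussed in the thread.
EVENTS = (
    [("accept", 1, "198.51.100.7"),
     ("request", 1, "198.51.100.7"),
     ("close", 1, "198.51.100.7")]
    + [("accept", 100 + i, "203.0.113.9") for i in range(8)]
    + [("accept", 2, "198.51.100.7"),
       ("request", 2, "198.51.100.7")]
)

def run(events, limit, hook):
    """Replay events with a per-IP cap on open connections that is only
    evaluated when the `hook` event fires ("request" or "accept").

    Returns (rejected connection ids, Counter of connections still held per IP).
    """
    open_conns = {}   # connection id -> client IP
    rejected = []
    for kind, conn, ip in events:
        if kind == "accept":
            open_conns[conn] = ip
        elif kind == "close":
            open_conns.pop(conn, None)
            continue
        if kind == hook and conn in open_conns:
            if Counter(open_conns.values())[ip] > limit:
                rejected.append(conn)
                del open_conns[conn]   # the server drops this connection
    return rejected, Counter(open_conns.values())

if __name__ == "__main__":
    for hook in ("request", "accept"):
        rejected, held = run(EVENTS, limit=3, hook=hook)
        print(f"limit checked at {hook!r}: rejected={rejected} held={dict(held)}")
```

With the check at the request stage the idle connections are never evaluated, so all eight stay open; with the check at accept time the same cap holds that client to three.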
