httpd-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: mod_noloris: mitigating against slowloris-style attack
Date Wed, 01 Jul 2009 12:49:30 GMT
Gonzalo Arana wrote:
> Hi,
> 
> Keeping whitelist up to date is rather tricky.
> 
> How about having any/all of these directives?
> 
> # time between accept(2) call and the full request has been read.
> RequestTimeout   1
> 
> # minimum bandwidth the user should have available to access this server.
> MinInRate             2KB/s
> MinOutRate             3KB/s

That'll completely exclude people on slow connections!
But it's something you could implement in a bandwidth-management
module.

> One extra note: it would be good to let these Min{In,Out}Rate be
> overridden for large files (audio/video files, for instance).

You don't have anything as specific as a file in a slowloris-type
attack.  You appear to be envisaging something much closer to
various (existing, third-party) bandwidth-management modules.

-- 
Nick Kew
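
The objection above, worked through as an added example (not part of the original message and not httpd code): it applies the proposed `RequestTimeout` and `MinInRate` values to a few constructed connections. The directive semantics, the `Client` model and all sample figures are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Directive text as quoted in the message above (a proposal, not real httpd directives).
PROPOSED = """
RequestTimeout   1
MinInRate        2KB/s
"""

def parse_policy(text):
    """Parse the proposed directives into seconds and bytes/second."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\d+(?:\.\d+)?)\s*(KB/s)?\s*$", line)
        if not m:
            continue
        name, value, unit = m.groups()
        policy[name] = float(value) * (1024 if unit else 1)
    return policy

@dataclass
class Client:  # hypothetical model of one inbound connection
    label: str
    request_bytes: int      # size of the full request (headers, plus body if any)
    rate: float             # sustained inbound rate in bytes/second
    completes: bool = True  # False: the sender never finishes the request

def verdict(client, policy):
    """Return the proposed rules that would drop this connection (empty = served)."""
    dropped_by = []
    if client.rate < policy["MinInRate"]:
        dropped_by.append("MinInRate")
    # Assumed meaning: time from accept(2) until the full request has been read.
    read_time = client.request_bytes / client.rate if client.completes else float("inf")
    if read_time > policy["RequestTimeout"]:
        dropped_by.append("RequestTimeout")
    return dropped_by

# Constructed sample connections (assumed figures, not measurements).
SAMPLES = [
    Client("broadband GET", 800, 500 * 1024),
    Client("congested mobile GET", 800, 1.5 * 1024),
    Client("congested mobile POST", 4096, 1.5 * 1024),
    Client("stalled partial request", 800, 10, completes=False),
]

def evaluate(samples=SAMPLES, text=PROPOSED):
    policy = parse_policy(text)
    return {c.label: verdict(c, policy) for c in samples}

if __name__ == "__main__":
    for label, rules in evaluate().items():
        print(f"{label:26s} {'dropped by ' + ', '.join(rules) if rules else 'served'}")
```

With these values the legitimate client on a slow link is dropped by the same rules as the stalled connection, so the thresholds alone do not separate the two.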
