httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Apache 1.x & 2.x vulnerability against simple DoS attacks
Date Tue, 23 Jun 2009 13:58:40 GMT
On Tue, 2009-06-23 at 15:11 +0200, Bastien LEGRAS wrote:
> Hi,
> 
> I just tried the perl script against my 2.2 apache under ubuntu 8.04
> and found I could make my apache server unavailable in 30 sec with the
> little hack script you can find here http://ha.ckers.org/slowloris/
> 
> Has anyone heard of a configuration or a ongoing fix to protect Apache
> against such attacks ?
> 
> Thanks
> 
> -- 
> Cordialement / Best Regards
> 
> Bastien LEGRAS
> 

Use the event MPM rather than prefork. Other people are suggesting
mod_evasive would prevent it, but I have not verified that.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message