httpd-users mailing list archives

From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Apache 1.x & 2.x vulnerability against simple DoS attacks
Date Tue, 23 Jun 2009 16:26:46 GMT
On Tue, 2009-06-23 at 16:36 +0100, Damian Myerscough wrote:
> Hello,
> 
> 
> Isn't the 'event MPM' experimental? 
> 
> 
> Wouldn't 'worker MPM' work better?
> 
> 2009/6/23 Tom Evans <tevans.uk@googlemail.com>
>         On Tue, 2009-06-23 at 15:11 +0200, Bastien LEGRAS wrote:
>         > Hi,
>         >
>         > I just tried the perl script against my 2.2 apache under ubuntu 8.04
>         > and found I could make my apache server unavailable in 30 sec with the
>         > little hack script you can find here http://ha.ckers.org/slowloris/
>         >
>         > Has anyone heard of a configuration or an ongoing fix to protect Apache
>         > against such attacks?
>         >
>         > Thanks
>         >
>         > --
>         > Cordialement / Best Regards
>         >
>         > Bastien LEGRAS
>         >
>         
>         
>         Use the event MPM rather than prefork. Other people are suggesting
>         mod_evasive would prevent it, but I have not verified that.
>         
>         Cheers
>         
>         Tom
>         
>         

The event MPM is marked experimental because it does not support input
filters, e.g. mod_ssl. Apart from that it is production stable, and we
have used it in production for > 2 years - it is _awesome_, I am
constantly amazed at how efficient it is.

Using the worker MPM would not prevent the slowloris DoS tool from
having an effect as much as the event MPM. slowloris has virtually no
effect on event MPM.

Cheers

Tom



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
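
Added example (not part of the messages above, and not Apache project code): a check an operator can run against mod_status output to see whether workers are being held in the "reading request" state, which is how the connection exhaustion discussed in this thread shows up on the server. It assumes mod_status is enabled, which the thread does not mention; the sample snapshots are constructed and the thresholds are illustrative.

```python
"""Flag worker exhaustion by slow request headers from mod_status '?auto' output."""
from collections import Counter

# Constructed samples of `server-status?auto` text (not captured from a real server).
SAMPLE_UNDER_LOAD = """\
Total Accesses: 1841
BusyWorkers: 19
IdleWorkers: 1
Scoreboard: RRRRRRRRWRRRRRRRRRR_....
"""
SAMPLE_NORMAL = """\
Total Accesses: 1790
BusyWorkers: 4
IdleWorkers: 16
Scoreboard: _W__K___R_____W_____....
"""


def parse_scoreboard(status_text):
    """Return a Counter of scoreboard state characters, or raise if absent."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Scoreboard":
            return Counter(value.strip())
    raise ValueError("no Scoreboard line; is mod_status enabled?")


def assess(status_text, read_ratio=0.7, min_idle=2):
    """Classify one snapshot.

    Scoreboard keys used: 'R' = reading request, '_' = idle worker,
    '.' = open slot with no process (excluded from the worker total).
    read_ratio and min_idle are illustrative thresholds, not Apache defaults.
    """
    states = parse_scoreboard(status_text)
    slots = sum(n for state, n in states.items() if state != ".")
    if slots == 0:
        return {"verdict": "no-workers", "reading": 0, "idle": 0, "ratio": 0.0}
    reading, idle = states["R"], states["_"]
    ratio = reading / slots
    suspicious = ratio >= read_ratio and idle < min_idle
    return {"verdict": "suspect-slow-headers" if suspicious else "ok",
            "reading": reading, "idle": idle, "ratio": round(ratio, 2)}


if __name__ == "__main__":
    for name, text in (("normal", SAMPLE_NORMAL), ("under load", SAMPLE_UNDER_LOAD)):
        print(name, assess(text))
```

A single snapshot can also look like this during a legitimate traffic burst, so alert only when the verdict persists across several consecutive polls.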

