httpd-users mailing list archives

From Damian Myerscough <damian.myersco...@gmail.com>
Subject Re: [users@httpd] Apache 1.x & 2.x vulnerability against simple DoS attacks
Date Tue, 23 Jun 2009 19:09:58 GMT
Hello,

Mod_evasive is unable to defend against this attack.

2009/6/23 Tom Evans <tevans.uk@googlemail.com>:
> On Tue, 2009-06-23 at 16:36 +0100, Damian Myerscough wrote:
>> Hello,
>>
>>
>> Isn't the 'event MPM' experimental?
>>
>>
>> Wouldn't 'worker MPM' work better?
>>
>> 2009/6/23 Tom Evans <tevans.uk@googlemail.com>
>>         On Tue, 2009-06-23 at 15:11 +0200, Bastien LEGRAS wrote:
>>         > Hi,
>>         >
>>         > I just tried the perl script against my 2.2 apache under ubuntu 8.04
>>         > and found I could make my apache server unavailable in 30 sec with the
>>         > little hack script you can find here http://ha.ckers.org/slowloris/
>>         >
>>         > Has anyone heard of a configuration or an ongoing fix to protect Apache
>>         > against such attacks?
>>         >
>>         > Thanks
>>         >
>>         > --
>>         > Cordialement / Best Regards
>>         >
>>         > Bastien LEGRAS
>>         >
>>
>>
>>         Use the event MPM rather than prefork. Other people are suggesting
>>         mod_evasive would prevent it, but I have not verified that.
>>
>>         Cheers
>>
>>         Tom
>>
>>
>
> The event MPM is marked experimental because it does not support input
> filters, e.g. mod_ssl. Apart from that it is production stable, and we
> have used it in production for > 2 years - it is _awesome_, I am
> constantly amazed at how efficient it is.
>
> Using the worker MPM would not prevent the slowloris DoS tool from
> having an effect as much as the event MPM. slowloris has virtually no
> effect on event MPM.
>
> Cheers
>
> Tom
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



-- 
Regards,
Damian Myerscough

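
A defender-side check for the symptom discussed in this thread, added here as an example and not part of any message above: it reads the machine-readable output of mod_status (`server-status?auto`) and flags a worker pool in which nearly every slot is stuck in the `R` (reading request) state with no idle workers left, which is how a pool held by connections that never finish sending a request shows up. The sample status text and both thresholds are constructed assumptions, and mod_status must be enabled on the server.

```python
# Added example: detect a worker pool saturated by slots stuck in the
# "Reading Request" state, from mod_status machine-readable output.
from collections import Counter

# Constructed samples of `server-status?auto` output (not from a real server).
SAMPLE_UNDER_ATTACK = """\
BusyWorkers: 20
IdleWorkers: 0
Scoreboard: RRRRRRRRRRRRWRRRRKRR............
"""
SAMPLE_NORMAL = """\
BusyWorkers: 4
IdleWorkers: 16
Scoreboard: _W__K_____R____W____............
"""

# Assumed thresholds; tune them against the server's normal traffic.
READING_RATIO_ALERT = 0.8
MIN_IDLE_WORKERS = 2


def parse_scoreboard(status_text):
    """Return a Counter of scoreboard states, ignoring open slots ('.')."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Scoreboard":
            return Counter(ch for ch in value.strip() if ch != ".")
    raise ValueError("no Scoreboard line found; is mod_status enabled?")


def assess(status_text):
    """Summarise the worker pool and decide whether it looks starved."""
    states = parse_scoreboard(status_text)
    total = sum(states.values())
    reading = states["R"]  # R = reading request
    idle = states["_"]     # _ = waiting for connection
    ratio = reading / total if total else 0.0
    return {
        "total": total, "reading": reading, "idle": idle,
        "reading_ratio": round(ratio, 2),
        "alert": ratio >= READING_RATIO_ALERT and idle < MIN_IDLE_WORKERS,
    }


if __name__ == "__main__":
    for name, text in (("normal", SAMPLE_NORMAL), ("attack", SAMPLE_UNDER_ATTACK)):
        print(name, assess(text))
```
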

