Update on protection against slowloris
Tom Evans
tevans.uk at googlemail.com
Thu Oct 1 09:29:28 UTC 2009
On Thu, 2009-10-01 at 02:40 +0200, Thomas Rasmussen wrote:
> Martin Turgeon wrote:
> > Hi list!
> >
> > We tested mod_antiloris 0.4 and found it quite efficient, but before
> > putting it in production, we would like to hear some feedback from
> > freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is
> > anyone using it? Do you have any other way to patch against Slowloris
> > other than putting a proxy in front or using the HTTP accept filter?
> >
> > Thanks for your feedback,
> >
> > Martin
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to
> > "freebsd-security-unsubscribe at freebsd.org"
> Hello,
>
> I am using it succesfully although not under any serious load, same
> Apache and FreeBSD versions. I found it easy (compared to the
> alternatives) and efficient, and no I don't know of any other ways of
> blocking the attack, short of using Varnish or similar. However,
> accf_http doesn't help at all, since HTTP POST requests bypass the
> filter. HTTP POST can be enabled by passing the -httpready switch to
> Slowloris.
>
> Please report back with your findings, I've been wondering how it
> would perform under load.
>
> Best of luck with it,
>
> Thomas Rasmussen
We use Apache 2.2 with the event MPM. This configuration is immune to
slowloris, as it was designed (several years before 'slowloris' came
along) to solve that exact problem.
Cheers
Tom
More information about the freebsd-security
mailing list