Update on protection against slowloris

István leccine at gmail.com
Thu Oct 1 18:46:04 UTC 2009


"The bad news is that it can indeed take a badly-configured Apache server
down, and the worse news is that that includes a low-traffic out-of-the-box
configuration.  Even with the Event MPM, slowloris can tie up one worker
thread per connection."

for sure




2009/10/1 Eirik Øverby <ltning at anduin.net>

>
> On 1. okt. 2009, at 10.59, Tom Evans wrote:
>
>  On Thu, 2009-10-01 at 02:40 +0200, Thomas Rasmussen wrote:
>>
>>> Martin Turgeon wrote:
>>>
>>>> Hi list!
>>>>
>>>> We tested mod_antiloris 0.4 and found it quite efficient, but before
>>>> putting it in production, we would like to hear some feedback from
>>>> FreeBSD users. We are using Apache 2.2.x on FreeBSD 6.2 and 7.2. Is
>>>> anyone using it? Do you have any other way to patch against Slowloris
>>>> other than putting a proxy in front or using the HTTP accept filter?
>>>>
>>>> Thanks for your feedback,
>>>>
>>>> Martin
>>>> _______________________________________________
>>>> freebsd-security at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>>> To unsubscribe, send any mail to
>>>> "freebsd-security-unsubscribe at freebsd.org"
>>>>
>>> Hello,
>>>
>>> I am using it successfully although not under any serious load, same
>>> Apache and FreeBSD versions. I found it easy (compared to the
>>> alternatives) and efficient, and no I don't know of any other ways of
>>> blocking the attack, short of using Varnish or similar. However,
>>> accf_http doesn't help at all, since HTTP POST requests bypass the
>>> filter. HTTP POST can be enabled by passing the -httpready switch to
>>> Slowloris.
>>>
>>> Please report back with your findings, I've been wondering how it
>>> would perform under load.
>>>
>>> Best of luck with it,
>>>
>>> Thomas Rasmussen
>>>
>>
>> We use Apache 2.2 with the event MPM. This configuration is immune to
>> slowloris, as it was designed (several years before 'slowloris' came
>> along) to solve that exact problem.
>>
>
> Without SSL, I presume?
>
> /Eirik
>



-- 
the sun shines for all
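
An added example, not part of the original thread and not mod_antiloris's own code: because the quoted text says slowloris ties up one worker thread per connection, a defender can count, per client IP, the workers stuck in the request-reading state. The input line format, `read_limit`, `min_age` and the sample addresses are assumptions made for illustration; the state letters follow mod_status (R = reading request).

```python
from collections import defaultdict

# Constructed sample, one line per busy worker:
#   "<client_ip> <state> <seconds_in_state>"
# State letters as in mod_status: R = reading request, W = sending reply,
# K = keepalive. Addresses are documentation ranges, not real hosts.
SAMPLE = "\n".join(
    ["192.0.2.10 R %d" % (30 + i) for i in range(7)]   # many slow readers
    + ["198.51.100.7 R 1", "198.51.100.7 R 12"]        # ordinary client
    + ["203.0.113.5 W 0", "203.0.113.5 K 3"]           # not reading at all
    + ["garbage line"]                                 # malformed, skipped
)


def parse_workers(text):
    """Yield (ip, state, seconds) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])


def slow_readers(workers, read_limit=5, min_age=10):
    """Return {ip: count} for clients holding more than read_limit workers
    that have been in state R for at least min_age seconds."""
    counts = defaultdict(int)
    for ip, state, secs in workers:
        if state == "R" and secs >= min_age:
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n > read_limit}


def worker_pressure(workers, max_clients):
    """Fraction of the worker pool currently occupied reading requests."""
    reading = sum(1 for _, state, _ in workers if state == "R")
    return reading / max_clients


if __name__ == "__main__":
    workers = list(parse_workers(SAMPLE))
    for ip, n in slow_readers(workers).items():
        print("%s holds %d workers in request-reading state" % (ip, n))
    print("pool share stuck reading: %.0f%%" % (100 * worker_pressure(workers, 18)))
```

The check keys on worker state rather than HTTP method, so it treats slow GET and slow POST requests alike.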

