Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change 
notification.

The following page has been changed by niq:
http://wiki.apache.org/httpd/DoS

------------------------------------------------------------------------------
  
  The slowloris script: threat and limitations
  
- The original slowloris is a perl script, though there are apparently other 
equivalent scripts floating around.  My own testing involved the perl script, 
on OpenSolaris and Linux platforms.  It works by opening huge numbers of 
concurrent connections to the target server, and holding them open so they are 
unavailable for normal traffic.
+ The original slowloris is a perl script, though there are apparently other 
equivalent scripts floating around.  My own testing involved the perl script, 
on Opensolaris and Linux platforms.  It works by opening huge numbers of 
concurrent connections to the target server, and holding them open so they are 
unavailable for normal traffic.
  
- The slowloris author notes that the script was ineffective running on 
Windows, because it only made about 130 concurrent outgoing connections.  I 
observed similar limitations on *X platforms: on OpenSolaris it was 252, and on 
Linux it was 1020.  I suspect those could be varied by tuning the host's kernel 
parameters and/or the Perl build, but I haven't investigated that.
+ The slowloris author notes that the script was ineffective running on 
Windows, because it only made about 130 concurrent outgoing connections.  I 
observed similar limitations on *X platforms: on Opensolaris it was 252, and on 
Linux it was 1020.  I suspect those could be varied by tuning the host's kernel 
parameters and/or the Perl build, but I haven't investigated that.
  
  MaxClients
  
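Review bot: Both rewritten paragraphs in this hunk change "OpenSolaris" to "Opensolaris", and that is the only difference between the removed and added lines. "OpenSolaris" is the platform's own capitalisation, so I would revert this and keep the original spelling. If the second paragraph is being touched anyway, "*X platforms" would read more clearly as "Unix-like platforms".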
@@ -21, +21 @@

  
  Event MPM
  
- The Event MPM is a partially-asynchronous processing model.  However, my 
tests indicate that it is limited by MaxClients in the same way as other MPMs, 
and doesn't appear to offer any advantage over Worker in mitigating the effect 
of SlowLoris attacks.
+ The Event MPM is a partially-asynchronous processing model.  However, my 
tests indicate that it is limited by MaxClients in the same way as other MPMs, 
and doesn't appear to offer any advantage over Worker in mitigating the effect 
of Slowloris attacks.
  
  Timeout
+ In 
http://mail-archives.apache.org/mod_mbox/httpd-users/200711.mbox/%3c22a657fa-0346-47f3-a72f-61eaeef3f...@apache.org%3e
 , Sander Temme wrote:
+ ''If you're being DOS attacked by trickle requests, you could try  
+ setting a very low timeout (default is 5 minutes which doesn't seem  
+ to be working for you) and perhaps use mod_evasive or somesuch to  
+ flag and firewall the bad clients.''
+ TBD: put some numbers to "low timeout".
+ 
  
  Resource limits
  

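Review bot: The added Timeout section ends with "TBD: put some numbers to "low timeout"", so the page now recommends a low timeout without any value a reader can apply. I would either hold the section until a tested value can be stated or say explicitly that the quoted "default is 5 minutes" is the only figure available so far. The archive link in the same addition has a truncated message-id ("...f3f...@apache.org") and a stray space before the comma, so it will not resolve as written; please paste the full URL. On the Event MPM line, "Slowloris" is still inconsistent with the lowercase "slowloris" used in the heading and first section, so pick one form for the whole page.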