Hi Ryan,

Nice post. Thanks. Especially the combination of mod_reqtimeout and ModS is very elegant in my eyes.

I am not so happy with SecReadStateLimit looking only at the IP address. How do you protect proxies from your countermeasures? A proxy might share multiple hundred legitimate connections with your server for multiple hundred legitimate clients, all appearing to come from the same IP address.

Regs,
Christian

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Barnett
Sent: Wednesday, 24 November 2010 02:45
To: [email protected]; [email protected]
Subject: [Owasp-modsecurity-core-rule-set] Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

This week's blog post - http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
