Some comments:

- All Apache MPMs are affected. The sole exception may be if you use the
event MPM without SSL.

- The slowloris attack leaves plenty of error 400 entries in the access
log.

- Using iptables connlimit with a reasonable maximum number of
connections per IP (like 1/5 or 1/10 of what your server can handle) will
give you good protection from single attacking hosts. When the attacker
has many hosts (i.e. a botnet) you have lost anyway.

- mod_antiloris has some design issues as discussed on the httpd-dev
mailing list. Also, it does not protect against a slightly modified
attack. Therefore mod_antiloris is not the general solution.

- I hope that mod_reqtimeout may be a better approach, but the
discussion and testing are not finished yet.

For now, the recommendation is to use iptables.

-- 
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
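
The comment above notes that a slowloris attack leaves plenty of error 400 entries in the access log. As an added example (not part of the original message or of Apache), this Python script flags clients that log a burst of 400s inside a sliding time window. The Apache common/combined log format, the threshold, the window length and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined prefix: host ident user [time] "request" status size
# The request field may contain backslash-escaped quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

def flag_400_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak_count} for clients that logged at least
    `threshold` status-400 entries inside any sliding `window`.
    threshold and window are illustrative assumptions; tune them per site."""
    recent = defaultdict(deque)    # ip -> timestamps of 400s still in window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4) != "400":
            continue               # unparsable line, or not a 400
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_lines():
    # Constructed sample log lines (documentation IP ranges), not real traffic.
    fmt = '{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] "{req}" {st} 226'
    # Six 400s from one client within 25 seconds: a burst.
    burst = [fmt.format(ip="192.0.2.10", m=0, s=5 * i, req="-", st=400)
             for i in range(6)]
    # Six 400s from another client, five minutes apart: background noise.
    sparse = [fmt.format(ip="198.51.100.7", m=5 * i, s=0, req="-", st=400)
              for i in range(6)]
    ok = [fmt.format(ip="192.0.2.10", m=1, s=0, req="GET / HTTP/1.1", st=200)]
    return burst + sparse + ok

if __name__ == "__main__":
    for ip, peak in flag_400_bursts(sample_lines()).items():
        print(f"{ip}: {peak} status-400 entries within 60s")
```

Flagged addresses are candidates for the per-IP iptables connlimit rule recommended above; a client that only produces occasional 400s stays below the threshold.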