William A. Rowe, Jr. wrote:
André Warnier wrote:
fredk2 wrote:
Would'nt you think that a (simple) timer for the header could fend off
some
of the effect. Can't we assume that if it takes more than 3 second to
enter
the header we do not want that client (i'll have to learn to type
faster in
telnet :-).
For the headers, I think it might help.
But I'm sure that then the attack would switch to sending the headers
fast, and then a long POST body, veeeeery slowly...
On another track, it seems that the "Event MPM" model of Apache also is
relatively insensitive to the slowloris thing.
... except, again for POST bodies. Event MPM does not help, there.
So basically, Fame and Gratitude (and an Apache teeshirt ?) await
whoever can design an effective strategy against this.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
