Comment 7 for bug 392759

Stefan Fritsch (sf-sfritsch) wrote : Re: apache2 DoS attack using slowloris

Some comments:

- All Apache MPMs are affected. The sole exception may be if you use the event MPM without SSL.

- The slowloris attack leaves plenty of error 400 entries in the access log.

- Using iptables connlimit with a reasonable maximum number of connections per IP (like 1/5 or 1/10 of what your server can handle) will give you good protection from single attacking hosts. When the attacker has many hosts (i.e. a botnet) you have lost anyway.

- mod_antiloris has some design issues as discussed on the httpd-dev mailing list. Also, it does not protect against a slightly modified attack. Therefore mod_antiloris is not the general solution.

- I hope that mod_reqtimeout may be a better approach, but the discussion and testing is not finished yet.

For now, the recommendation is to use iptables.
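An added example, not part of the bug report or of Apache itself, that turns two points from the comment above into something runnable: it counts status-400 entries per client IP in access-log lines (the trace slowloris leaves) and emits an iptables connlimit rule sized at 1/5 of the server's connection limit. The log lines, the MaxClients value of 150, port 80 and the choice of REJECT with a TCP reset are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the bug report): flag clients producing many HTTP 400
# responses, and print (not apply) an iptables connlimit rule derived from the
# server's MaxClients and a divisor, as the comment recommends.

# Constructed sample access-log lines in Apache "combined" format (not real traffic).
SAMPLE_LOG='203.0.113.5 - - [20/Jun/2009:10:00:01 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
203.0.113.5 - - [20/Jun/2009:10:00:02 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
203.0.113.5 - - [20/Jun/2009:10:00:03 +0000] "-" 400 226 "-" "-"
198.51.100.7 - - [20/Jun/2009:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jun/2009:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Jun/2009:10:00:06 +0000] "-" 400 226 "-" "-"'

# suspicious_clients LOGFILE THRESHOLD
# Prints "count ip" for every client IP with at least THRESHOLD status-400
# entries, highest count first. The quoted request string may contain any
# number of spaces (or be just "-"), so the status is taken as the first
# field after the closing quote rather than by fixed field number.
suspicious_clients() {
    awk -v min="$2" '
        {
            ip = $1
            line = $0
            sub(/^[^"]*"[^"]*" */, "", line)   # drop everything through the request
            split(line, rest, " ")
            if (rest[1] == "400") n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) printf "%d %s\n", n[ip], ip }
    ' "$1" | sort -rn
}

# connlimit_rule MAXCLIENTS DIVISOR
# Emits an iptables rule that rejects new TCP connections to port 80 from any
# source already holding more than MAXCLIENTS/DIVISOR connections. Output is
# only printed; review it before applying it on a real host.
connlimit_rule() {
    limit=$(( $1 / $2 ))
    echo "iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above $limit -j REJECT --reject-with tcp-reset"
}

# Stand-alone demonstration on the constructed log (MaxClients assumed to be 150).
if [ "${DEMO:-1}" = "1" ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    echo "Clients with >= 3 status-400 entries:"
    suspicious_clients "$tmp" 3
    connlimit_rule 150 5
    rm -f "$tmp"
fi
```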