Knowledgebase
I'm being attacked by a slow-loris attack
Update: newer installs will have mod_reqtimeout, which is considered better than mod_antiloris.
To check, type:
Also check /etc/httpd/conf/extra/httpd-default.conf for:
A slow loris attack is one where an IP will connect to your apache server and clog up all child processes with it's specially formed requests (I won't get into the details as to how).
The solution is to install mod_antiloris to only allow a certain number of simulatenous connections per IP at a time (I believe they set it to 5 by default)
The registered apache mod_antiloris module is listed here:
http://modules.apache.org/search.php?id=1783
Quick install instructions:
Note that this module is for apache 2.x, and not 1.3.
To check, type:
/usr/sbin/httpd -l | grep mod_reqtimeout
and make sure you see mod_reqtimeout.c in the output.Also check /etc/httpd/conf/extra/httpd-default.conf for:
or something similar.
A slow loris attack is one where an IP will connect to your apache server and clog up all child processes with it's specially formed requests (I won't get into the details as to how).
The solution is to install mod_antiloris to only allow a certain number of simulatenous connections per IP at a time (I believe they set it to 5 by default)
The registered apache mod_antiloris module is listed here:
http://modules.apache.org/search.php?id=1783
Quick install instructions:
cd /root
wget http://files.directadmin.com/services/all/mod_antiloris/installoris
chmod 755 installoris
./installoris
Note that this module is for apache 2.x, and not 1.3.