Add to Favourites Add to Favourites    Print this Article Print this Article

I'm being attacked by a slow-loris attack

Update: newer installs will have mod_reqtimeout, which is considered better than mod_antiloris.
To check, type:

/usr/sbin/httpd -l | grep mod_reqtimeout

and make sure you see mod_reqtimeout.c in the output.
Also check /etc/httpd/conf/extra/httpd-default.conf for:

 RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
or something similar.

A slow loris attack is one where an IP will connect to your apache server and clog up all child processes with it's specially formed requests (I won't get into the details as to how).

The solution is to install mod_antiloris to only allow a certain number of simulatenous connections per IP at a time (I believe they set it to 5 by default)

The registered apache mod_antiloris module is listed here:

Quick install instructions:

cd /root
chmod 755 installoris

Note that this module is for apache 2.x, and not 1.3.

Was this answer helpful?

Also Read