I'm being attacked by a slow-loris attack
: newer installs will have mod_reqtimeout, which is considered better than mod_antiloris.
To check, type:
/usr/sbin/httpd -l | grep mod_reqtimeout
and make sure you see mod_reqtimeout.c
in the output.
Also check /etc/httpd/conf/extra/httpd-default.conf for:
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
or something similar.
A slow loris attack is one where an IP will connect to your apache server and clog up all child processes with it's specially formed requests (I won't get into the details as to how).
The solution is to install mod_antiloris to only allow a certain number of simulatenous connections per IP at a time (I believe they set it to 5 by default)
The registered apache mod_antiloris module is listed here:
Quick install instructions:
chmod 755 installoris
Note that this module is for apache 2.x, and not 1.3.