Update on protection against slowloris
Eirik Øverby
ltning at anduin.net
Thu Oct 1 18:20:11 UTC 2009
On 1 Oct 2009, at 10:59, Tom Evans wrote:
> On Thu, 2009-10-01 at 02:40 +0200, Thomas Rasmussen wrote:
>> Martin Turgeon wrote:
>>> Hi list!
>>>
>>> We tested mod_antiloris 0.4 and found it quite efficient, but before
>>> putting it in production, we would like to hear some feedback from
>>> FreeBSD users. We are using Apache 2.2.x on FreeBSD 6.2 and 7.2. Is
>>> anyone using it? Do you have any other way to patch against Slowloris
>>> other than putting a proxy in front or using the HTTP accept filter?
>>>
>>> Thanks for your feedback,
>>>
>>> Martin
>>> _______________________________________________
>>> freebsd-security at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>> To unsubscribe, send any mail to
>>> "freebsd-security-unsubscribe at freebsd.org"
>> Hello,
>>
>> I am using it successfully although not under any serious load, same
>> Apache and FreeBSD versions. I found it easy (compared to the
>> alternatives) and efficient, and no I don't know of any other ways of
>> blocking the attack, short of using Varnish or similar. However,
>> accf_http doesn't help at all, since HTTP POST requests bypass the
>> filter. HTTP POST can be enabled by passing the -httpready switch to
>> Slowloris.
>>
>> Please report back with your findings, I've been wondering how it
>> would perform under load.
>>
>> Best of luck with it,
>>
>> Thomas Rasmussen
>
> We use Apache 2.2 with the event MPM. This configuration is immune to
> slowloris, as it was designed (several years before 'slowloris' came
> along) to solve that exact problem.
Without SSL, I presume?
/Eirik