On Tue, 2009-06-23 at 16:36 +0100, Damian Myerscough wrote:
> Hello,
>
> Isn't the 'event MPM' experimental?
>
> Wouldn't 'worker MPM' work better?
>
> 2009/6/23 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>
> On Tue, 2009-06-23 at 15:11 +0200, Bastien LEGRAS wrote:
> > Hi,
> >
> > I just tried the perl script against my 2.2 apache under ubuntu 8.04
> > and found I could make my apache server unavailable in 30 sec with the
> > little hack script you can find here http://ha.ckers.org/slowloris/
> >
> > Has anyone heard of a configuration or an ongoing fix to protect Apache
> > against such attacks?
> >
> > Thanks
> >
> > --
> > Cordialement / Best Regards
> >
> > Bastien LEGRAS
>
> Use the event MPM rather than prefork. Other people are suggesting
> mod_evasive would prevent it, but I have not verified that.
>
> Cheers
>
> Tom

The event MPM is marked experimental because it does not support input filters, e.g. mod_ssl. Apart from that it is production stable, and we have used it in production for > 2 years - it is _awesome_, I am constantly amazed at how efficient it is.

Using the worker MPM would not prevent the slowloris DoS tool from having an effect as much as the event MPM. slowloris has virtually no effect on event MPM.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
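
A monitoring check for the condition discussed in this thread, as an added example that is not part of any message above or of the Apache project's code: connections that never finish sending their request show up in mod_status as workers held in the `R` (reading request) state, so the check measures what share of running workers are in that state. The two status samples are constructed, and the function names and the 0.7 threshold are assumptions.

```python
from collections import Counter

# Constructed samples of mod_status machine-readable output
# (/server-status?auto); not captured from a real server.
SAMPLE_STARVED = """\
BusyWorkers: 18
IdleWorkers: 2
Scoreboard: RRRRRRRRWRRRRRRR_RK_....
"""
SAMPLE_NORMAL = """\
BusyWorkers: 4
IdleWorkers: 12
Scoreboard: _W__K_R___W_____....
"""

def parse_auto_status(text):
    """Split the 'Key: value' lines of ?auto output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def assess_scoreboard(text, reading_threshold=0.7):
    """Flag worker starvation by connections that never finish their request.

    Scoreboard keys used: 'R' reading request, '_' waiting for connection,
    '.' open slot with no current process (not counted as a worker).
    reading_threshold is an assumed starting point; tune it per site.
    """
    board = parse_auto_status(text).get("Scoreboard")
    if not board:
        raise ValueError("no Scoreboard line; is mod_status enabled?")
    counts = Counter(board)
    workers = len(board) - counts["."]
    if workers == 0:
        raise ValueError("scoreboard has no running workers")
    ratio = counts["R"] / workers
    return {
        "workers": workers,
        "reading": counts["R"],
        "idle": counts["_"],
        "reading_ratio": round(ratio, 3),
        "suspect": ratio >= reading_threshold,
    }

if __name__ == "__main__":
    for name, sample in (("starved", SAMPLE_STARVED), ("normal", SAMPLE_NORMAL)):
        print(name, assess_scoreboard(sample))
```

A high `R` share can also come from legitimately slow clients, so treat a hit as a prompt to look at per-client connection counts rather than as proof of an attack.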