Re: Apache 1.x & 2.x vulnerability against simple DoS attacks

Hello,

Mod_evasive is unable to defend against this attack.

2009/6/23 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>:
> On Tue, 2009-06-23 at 16:36 +0100, Damian Myerscough wrote:
>> Hello,
>>
>>
>> Isn't the 'event MPM' experimental?
>>
>>
>> Wouldn't 'worker MPM' work better?
>>
>> 2009/6/23 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>
>>         On Tue, 2009-06-23 at 15:11 +0200, Bastien LEGRAS wrote:
>>         > Hi,
>>         >
>>         > I just tried the Perl script against my 2.2 Apache under
>>         > Ubuntu 8.04 and found I could make my Apache server
>>         > unavailable in 30 sec with the little hack script you can
>>         > find here http://ha.ckers.org/slowloris/
>>         >
>>         > Has anyone heard of a configuration or an ongoing fix to
>>         > protect Apache against such attacks?
>>         >
>>         > Thanks
>>         >
>>         > --
>>         > Cordialement / Best Regards
>>         >
>>         > Bastien LEGRAS
>>         >
>>
>>
>>         Use the event MPM rather than prefork. Other people are
>>         suggesting mod_evasive would prevent it, but I have not
>>         verified that.
>>
>>         Cheers
>>
>>         Tom
>>
>>
>
> The event MPM is marked experimental because it does not support input
> filters, e.g. mod_ssl. Apart from that it is production stable, and we
> have used it in production for > 2 years - it is _awesome_, I am
> constantly amazed at how efficient it is.
>
> Using the worker MPM would not prevent the slowloris DoS tool from
> having an effect as much as the event MPM. slowloris has virtually no
> effect on event MPM.
>
> Cheers
>
> Tom
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>



-- 
Regards,
Damian Myerscough
