William A. Rowe, Jr. wrote:
So basically, Fame and Gratitude (and an Apache teeshirt ?) await whoever can design an effective strategy against this.André Warnier wrote:fredk2 wrote:Would'nt you think that a (simple) timer for the header could fend off some of the effect. Can't we assume that if it takes more than 3 second to enter the header we do not want that client (i'll have to learn to type faster in telnet :-).For the headers, I think it might help. But I'm sure that then the attack would switch to sending the headers fast, and then a long POST body, veeeeery slowly... On another track, it seems that the "Event MPM" model of Apache also is relatively insensitive to the slowloris thing.... except, again for POST bodies. Event MPM does not help, there.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|