Try DigitalOcean free for up to two months!

Protecting Apache From Slowloris

Discussion in 'Web Server' started by debian_guy, Aug 30, 2015.

  1. debian_guy

    debian_guy New Member

    Joined:
    Aug 30, 2015
    Messages:
    13
    Likes Received:
    2
    Slowloris is sometimes can be very vital attack that has capability of fill your connection limit of apache which is generally less than 250.Its like as the connection based equivalent of a SYN flood. Opening socket and cut the connection by client that you need to wait for it.

    A best way to defend the server with timeout settings, which is fine to defend a single attacker but leads into new issues. mod_qos gives some fine-grained opportunities to scale the number of used connections and to defend an attack according to bandwidth limits. Here is the way that helps protecting from slowloris on my apache server on debian based systems.

    First install mod_qos package for apache2
    apt-get install libapache2-mod-qos



    mod_qos config file:
    /etc/apache2/mods-available/qos.conf
    Code:
    <IfModule qos_module>
    
    [B]  # minimum request rate (bytes/sec at request reading):
      #QS_SrvRequestRate                                120
    
      # limits the connections for this virtual host:
      #QS_SrvMaxConn                                    100
    
      # allows keep-alive support till the server reaches 600 connections:
      #QS_SrvMaxConnClose                                600
    
      # allows max 50 connections from a single ip address:
      QS_SrvMaxConnPerIP                                50
    </IfModule>

    Enable mod_qos module
    a2enmod mod qos

    Restart apache2
    service apache2 restart

    Test if the attack continues afterward by connections status and tweak your qos config until it fits for you
    apachectl status
     
    Last edited: Aug 30, 2015
  2. arochester

    arochester Super Moderator Staff Member

    Joined:
    Nov 23, 2012
    Messages:
    1,179
    Likes Received:
    385
    Slowloris
     
  3. debian_guy

    debian_guy New Member

    Joined:
    Aug 30, 2015
    Messages:
    13
    Likes Received:
    2
    :) I cannot change the title. Thanks for the correction.
     

Share This Page