D
debian_guy
Guest
Slowloris is sometimes can be very vital attack that has capability of fill your connection limit of apache which is generally less than 250.Its like as the connection based equivalent of a SYN flood. Opening socket and cut the connection by client that you need to wait for it.
A best way to defend the server with timeout settings, which is fine to defend a single attacker but leads into new issues. mod_qos gives some fine-grained opportunities to scale the number of used connections and to defend an attack according to bandwidth limits. Here is the way that helps protecting from slowloris on my apache server on debian based systems.
First install mod_qos package for apache2
apt-get install libapache2-mod-qos
mod_qos config file:
/etc/apache2/mods-available/qos.conf
Enable mod_qos module
a2enmod mod qos
Restart apache2
service apache2 restart
Test if the attack continues afterward by connections status and tweak your qos config until it fits for you
apachectl status
A best way to defend the server with timeout settings, which is fine to defend a single attacker but leads into new issues. mod_qos gives some fine-grained opportunities to scale the number of used connections and to defend an attack according to bandwidth limits. Here is the way that helps protecting from slowloris on my apache server on debian based systems.
First install mod_qos package for apache2
apt-get install libapache2-mod-qos
mod_qos config file:
/etc/apache2/mods-available/qos.conf
Code:
<IfModule qos_module>
[B] # minimum request rate (bytes/sec at request reading):
#QS_SrvRequestRate 120
# limits the connections for this virtual host:
#QS_SrvMaxConn 100
# allows keep-alive support till the server reaches 600 connections:
#QS_SrvMaxConnClose 600
# allows max 50 connections from a single ip address:
QS_SrvMaxConnPerIP 50
</IfModule>
Enable mod_qos module
a2enmod mod qos
Restart apache2
service apache2 restart
Test if the attack continues afterward by connections status and tweak your qos config until it fits for you
apachectl status
Last edited: