Does apache have a defense against a Slow Loris Attack?

Discussion in 'HOWTO-Related Questions' started by adamjedgar, May 6, 2018.

  1. adamjedgar

    adamjedgar Member

    i have just watched the following video

    The Slow Loris method of attack appears so simple in nature (65 lines of code and almost zero use of the hackers own bandwith during the attack) that one cannot help but laugh about it. But on a more serious note, it appears this type of attack is more of an issue with apache webservers because by design they open a new thread for each request.

    Apart from using an nginx webserver, has apache implemented a workaround for this kind of attack? For those of us running apache web servers, what do we do to combat it?
     
  2. ahrasis

    ahrasis Active Member

    According to a reply in serverfault, it also affects nginx web server if its default configuration is not tuned up properly. Gloris can be used to test whether your server is properly configured to handle this attack.
     
  3. Taleman

    Taleman Active Member HowtoForge Supporter

  4. adamjedgar

    adamjedgar Member

    In reading about slow loris type attacks using http...does this mean that ssl certificate websites with https are resilient against them?

    If so, can a webhost force all client websites to use only https to help protect against this type of attack through ispconfig control panel...ie disable http altogether?
     
  5. ahrasis

    ahrasis Active Member

    No. It is a valid request but delayed in accepting response. You need to tune your webserver to overcome it even if it is using nginx. The reply I posted above have a tool for you to check your webserver capability in handling such a situation, if any.
     

Share This Page