Monday, January 28, 2013

Vulnerability fixes – HTTP Server Prone To Slow Denial Of Service Attack

What if your security team runs a vulnerability scan and reports that your Apache web server is exposed to "HTTP Server Prone To Slow Denial Of Service Attack"?

Normally, this happens when an attacker uses the slowloris tool to hold connections to your Apache web server open until the server stops serving requests. For my testing, I use the “HTTP attack version 3.6 (slow headers and slow POST)” tool to conduct the test. Please visit http://code.google.com/p/slowhttptest/

How to avoid this?

Step 1: Open httpd.conf file and uncomment this line :

LoadModule reqtimeout_module modules/mod_reqtimeout.so

Step 2: Add this block to httpd.conf:

<IfModule reqtimeout_module>
# Wait max 10 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 20 seconds in total.
RequestReadTimeout header=10-20,minrate=500
# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s.
RequestReadTimeout body=10,minrate=500
</IfModule>

Restart your web server.
Voila, your Apache web server now drops connections that stall while sending request headers or bodies!
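To see what the two directives above actually do to a connection, here is an added example (my own code, not from the post or from the Apache project) that parses the RequestReadTimeout lines and replays a few constructed arrival patterns against the documented rule: an initial allowance in seconds, plus one extra second for every minrate bytes received, capped for header= at the second number of the range. The arrival patterns, the scenario names and the parse_config/simulate functions are my own; the model follows the directive's documentation rather than mod_reqtimeout's source, so treat exact boundary behaviour as approximate.

```python
"""Model of how Apache's RequestReadTimeout deadline moves as request bytes
arrive. Added example, not code from the original post or from Apache: it
implements the documented header=/body=/minrate= rule, not the module's source."""
from dataclasses import dataclass
from fractions import Fraction
import re
from typing import Dict, List, Optional, Tuple

# One setting token, e.g. header=10-20,minrate=500 or body=10,minrate=500
SETTING_RE = re.compile(r"^(header|body)=(\d+)(?:-(\d+))?(?:,minrate=(\d+))?$",
                        re.IGNORECASE)


@dataclass
class ReadTimeout:
    stage: str               # "header" or "body"
    initial: int             # seconds allowed before the first byte arrives
    maximum: Optional[int]   # cap on the total deadline (None = no cap, as in body=10)
    minrate: Optional[int]   # bytes/s; n bytes received extend the deadline by n/minrate s


def parse_request_read_timeout(line: str) -> Dict[str, ReadTimeout]:
    """Parse one 'RequestReadTimeout ...' line into {stage: ReadTimeout}."""
    parts = line.split()
    if not parts or parts[0].lower() != "requestreadtimeout":
        raise ValueError(f"not a RequestReadTimeout directive: {line!r}")
    result: Dict[str, ReadTimeout] = {}
    for setting in parts[1:]:
        m = SETTING_RE.match(setting)
        if not m:
            raise ValueError(f"unrecognised setting: {setting!r}")
        stage, initial, maximum, minrate = m.groups()
        result[stage.lower()] = ReadTimeout(
            stage.lower(), int(initial),
            int(maximum) if maximum else None,
            int(minrate) if minrate else None)
    return result


def parse_config(text: str) -> Dict[str, ReadTimeout]:
    """Collect RequestReadTimeout settings from a config snippet, skipping comments."""
    settings: Dict[str, ReadTimeout] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("requestreadtimeout"):
            settings.update(parse_request_read_timeout(line))
    return settings


def simulate(cfg: ReadTimeout, chunks: List[Tuple[float, int]]) -> Tuple[str, float]:
    """Replay chunks of (arrival_time_s, nbytes), sorted by time, against cfg.

    Returns ("timeout", deadline) if a chunk arrives after the current deadline
    (or nothing ever arrives), else ("completed", time_of_last_chunk).
    Exact Fraction arithmetic keeps the seconds-per-byte sums precise.
    """
    deadline = Fraction(cfg.initial)
    if not chunks:                       # idle connection: dropped at the initial allowance
        return ("timeout", float(deadline))
    for t, nbytes in chunks:
        if t > deadline:
            return ("timeout", float(deadline))
        if cfg.minrate:                  # each byte received buys 1/minrate seconds ...
            deadline += Fraction(nbytes, cfg.minrate)
            if cfg.maximum is not None:  # ... but never beyond the cap for header=
                deadline = min(deadline, Fraction(cfg.maximum))
    return ("completed", float(chunks[-1][0]))


# The two directives from the post, embedded here as the input to parse.
POST_CONFIG = """
<IfModule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>
"""


def run_scenarios(config_text: str = POST_CONFIG) -> Dict[str, Tuple[str, float]]:
    """Constructed arrival patterns (my own sample data), replayed against the config."""
    cfg = parse_config(config_text)
    return {
        # 20 header bytes every 5 s, never finishing: each chunk buys only 0.04 s,
        # so the connection is dropped just after the 10 s initial allowance.
        "slow_header_trickle": simulate(cfg["header"], [(5 * i, 20) for i in range(1, 7)]),
        # Large headers on a slow link: 500 bytes every 0.9 s stays ahead of the deadline.
        "steady_slow_link": simulate(cfg["header"], [(0.9 * i, 500) for i in range(1, 9)]),
        # A burst cannot push the header deadline past the 20 s cap.
        "burst_then_stall": simulate(cfg["header"], [(1, 5000), (19, 5000), (21, 100)]),
        # body=10 has no cap, so an upload that keeps sending keeps extending.
        "slow_upload": simulate(cfg["body"], [(5, 10000), (20, 10000), (35, 10000), (50, 10000)]),
        # A connection that never sends a byte.
        "idle": simulate(cfg["header"], []),
    }


if __name__ == "__main__":
    for name, (outcome, when) in run_scenarios().items():
        print(f"{name:20s} {outcome:9s} at {when:.2f}s")
```

The contrast between "slow_header_trickle" and "steady_slow_link" is the point of minrate: a client that sends real header bytes at a reasonable pace keeps its connection, while one that sends a few bytes per interval to hold the slot is cut off about when the initial allowance ends, regardless of how long it intended to linger.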

2 comments:

DBA_VA said...

What could be done if you are running a Windows 2K8R2 server that doesn't have a standalone version of Apache with an httpd.conf to add such modules and settings?

It's tomcat/apache embedded in a particular product that doesn't seem to allow much tweaking, but the vulnerability shows up and thus needs to be addressed.

Michał Rakoczy said...

You may place the Apache in front of your tomcat.