Normally this happens when an attacker uses a tool such as Slowloris to open many connections to your Apache web server and hold each one open with a request that is never finished, until the worker pool is exhausted and the server stops answering. For my testing, I used the “HTTP attack version 3.6 (slow headers and slow POST)” tools; please visit http://code.google.com/p/slowhttptest/
How to avoid this?
Step 1: Open httpd.conf and uncomment this line:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
Step 2: Add this block to httpd.conf:
<IfModule reqtimeout_module>
# Wait max 10 seconds for the first byte of the request line+headers.
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 20 seconds in total.
RequestReadTimeout header=10-20,MinRate=500
# Wait max 10 seconds for the first byte of the request body (if any).
# From then, require a minimum data rate of 500 bytes/s.
RequestReadTimeout body=10,MinRate=500
</IfModule>
Check the syntax with apachectl configtest, then restart your web server. Apache will now answer 408 and drop any client that trickles its request line, headers or body more slowly than the configured rate, which is exactly what the slow-headers and slow-POST tests do, so the half-open connections are closed before they can pile up and exhaust the worker pool. Two caveats: mod_reqtimeout ships with Apache 2.2.15 and later, so an older 2.2 build has to be upgraded first; and RequestReadTimeout does nothing against a client that reads the response slowly (the slow-read variant that the same tool can also run), so keep MaxClients/MaxRequestWorkers and TimeOut sane as well rather than treating this one directive as a complete fix.
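To confirm that the directive is really in force and behaves the way the comments above describe, here is an added example script (not code from the original post). It parses the RequestReadTimeout arguments out of a httpd.conf, models the documented mod_reqtimeout semantics (the initial timeout grows by one second for every MinRate bytes received, but never past the maximum), predicts when a client sending at a given byte rate will be cut off, and, if you give it a host and port, drips an unterminated request header at that rate against the live server and times its reaction. The sample configuration, host and port are constructed for the example.

```python
"""Audit RequestReadTimeout settings and probe a server with a slow-header request.

Added example, not the original post's code.  The timeout model follows the
documented mod_reqtimeout behaviour; host, port and SAMPLE_CONF are assumptions.
"""
import re
import socket
import sys
import time

# An uncommented LoadModule line; a leading '#' does not match, so it counts as not loaded.
LOADMODULE_RE = re.compile(r"^\s*LoadModule\s+reqtimeout_module\s+\S+", re.I | re.M)
DIRECTIVE_RE = re.compile(r"^\s*RequestReadTimeout\s+(.+?)\s*$", re.I | re.M)


def parse_request_read_timeout(args):
    """Parse 'header=10-20,MinRate=500 body=10,MinRate=500' into per-stage dicts."""
    stages = {}
    for token in args.split():
        main, *opts = token.split(",")
        name, _, window = main.partition("=")
        initial, _, maximum = window.partition("-")
        stage = {"initial": int(initial),
                 "maximum": int(maximum) if maximum else None,
                 "minrate": None}
        for opt in opts:
            key, _, value = opt.partition("=")
            if key.lower() == "minrate":
                stage["minrate"] = int(value)
        stages[name.lower()] = stage
    return stages


def audit_httpd_conf(text):
    """Return (module_loaded, stages) for the text of a httpd.conf."""
    loaded = LOADMODULE_RE.search(text) is not None
    stages = {}
    for match in DIRECTIVE_RE.finditer(text):
        stages.update(parse_request_read_timeout(match.group(1)))
    return loaded, stages


def allowed_seconds(stage, bytes_received):
    """Seconds Apache waits for this stage once bytes_received bytes have arrived."""
    allowed = float(stage["initial"])
    if stage["minrate"]:
        allowed += bytes_received / stage["minrate"]   # +1 s per MinRate bytes
        if stage["maximum"] is not None:
            allowed = min(allowed, float(stage["maximum"]))
    return allowed


def expected_close(stage, rate_bps):
    """Seconds until a client sending steadily at rate_bps should be dropped.

    None means the stage never times out at that rate (rate at or above MinRate
    and no maximum), e.g. 'body=10,MinRate=500' fed at 500 bytes/s or more.
    """
    initial, maximum, minrate = stage["initial"], stage["maximum"], stage["minrate"]
    if not minrate:
        return float(initial)
    if rate_bps >= minrate:
        return None if maximum is None else float(maximum)
    t = initial / (1 - rate_bps / minrate)   # solves t = initial + rate * t / minrate
    return t if maximum is None else min(t, float(maximum))


def slow_header_probe(host, port, rate_bps=100, max_seconds=60):
    """Drip an unterminated request header at rate_bps; return seconds until the
    server answers (408) or closes, or None if it is still waiting after
    max_seconds, which means the mitigation is not active.  Needs a live server."""
    header = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nX-Slow: "
    header += b"a" * (rate_bps * max_seconds)          # the blank line is never sent
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.settimeout(1.0 / rate_bps)                 # the recv below paces the drip
        for byte in header:
            try:
                sock.sendall(bytes([byte]))
                sock.recv(1)            # b'' on close, or the first byte of a 408
                return time.monotonic() - start
            except socket.timeout:
                pass                    # server still waiting; keep dripping
            except (BrokenPipeError, ConnectionResetError):
                return time.monotonic() - start
            if time.monotonic() - start > max_seconds:
                return None
    return None


# Constructed sample: the directive is present but LoadModule is still commented out.
SAMPLE_CONF = """\
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
<IfModule reqtimeout_module>
RequestReadTimeout header=10-20,MinRate=500
RequestReadTimeout body=10,MinRate=500
</IfModule>
"""

if __name__ == "__main__":   # usage: reqtimeout_check.py [httpd.conf [HOST PORT]]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    loaded, stages = audit_httpd_conf(text)
    print("reqtimeout_module loaded:", loaded)
    for name, stage in stages.items():
        print(name, stage, "-> a 100 B/s client is dropped after", expected_close(stage, 100), "s")
    if len(sys.argv) > 3:
        print("server reacted after", slow_header_probe(sys.argv[2], int(sys.argv[3])), "s")
```

With the post's settings a client dripping headers at 100 bytes/s should be cut off about 12.5 seconds in (10 s initial, extended by one second per 500 bytes), and never later than 20 s; a server that still has the probe's connection open after the maximum has not picked up the directive, most often because the LoadModule line is still commented out, which the audit reports separately from the directive itself.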
2 comments:
What could be done if you are running a Windows 2K8R2 server that doesn't have a standalone version of Apache with an httpd.conf to add such modules and settings?
It's Tomcat/Apache embedded in a particular product that doesn't seem to allow much tweaking, but the vulnerability shows up and thus needs to be addressed.
You may place Apache in front of your Tomcat.