"The bad news is that it can indeed take a badly-configured apache server down, and the worse news is that that includes a low-traffic out-of-the box configuration. Even with the Event MPM, slowloris can tie up one worker thread per connection."
for sure 2009/10/1 Eirik Øverby <ltn...@anduin.net> > > On 1. okt. 2009, at 10.59, Tom Evans wrote: > > On Thu, 2009-10-01 at 02:40 +0200, Thomas Rasmussen wrote: >> >>> Martin Turgeon wrote: >>> >>>> Hi list! >>>> >>>> We tested mod_antiloris 0.4 and found it quite efficient, but before >>>> putting it in production, we would like to hear some feedback from >>>> freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is >>>> anyone using it? Do you have any other way to patch against Slowloris >>>> other than putting a proxy in front or using the HTTP accept filter? >>>> >>>> Thanks for your feedback, >>>> >>>> Martin >>>> _______________________________________________ >>>> freebsd-security@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security >>>> To unsubscribe, send any mail to >>>> "freebsd-security-unsubscr...@freebsd.org" >>>> >>> Hello, >>> >>> I am using it succesfully although not under any serious load, same >>> Apache and FreeBSD versions. I found it easy (compared to the >>> alternatives) and efficient, and no I don't know of any other ways of >>> blocking the attack, short of using Varnish or similar. However, >>> accf_http doesn't help at all, since HTTP POST requests bypass the >>> filter. HTTP POST can be enabled by passing the -httpready switch to >>> Slowloris. >>> >>> Please report back with your findings, I've been wondering how it >>> would perform under load. >>> >>> Best of luck with it, >>> >>> Thomas Rasmussen >>> >> >> We use Apache 2.2 with the event MPM. This configuration is immune to >> slowloris, as it was designed (several years before 'slowloris' came >> along) to solve that exact problem. >> > > Without SSL, I presume? > > /Eirik > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org > " > -- the sun shines for all _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
