Allows you to search a variety of questions and answers
SLOWLORIS HTTP attack is pretty nifty ddos attack that targets your webserver, in most cases being Apache. It is difficult to mitigate, but a solution for Apache 2.2.x running on Cent 5.3 is as follows:
NOTE: You may need to install pcre-devel for the apxs command to work. Simply issue 'yum install pcre-devel'.
Slowloris HTTP DoS: A new and dangerous exploit out there for the apache server.
“Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up.”
In essence you can send a Denial Of Service attack to website using one laptop over a proxy.
Here will be a way of preventing the slowloris attack on apache 2.2.3 server running on centos 5.3
cd tmp/
wget http://sourceforge.net/projects/mod-...ar.gz/download
tar xvfz mod_qos-8.13-src.tar.gz
cd mod_qos-8.13/apache2
apxs -i -c mod_qos.c (if you do not have apxs then you have to yum install httpd-devel and make sure you edit out the exclude updates to httpd in your yum.conf file)
Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR’
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH’ environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH’ environment variable
during linking
- use the `-Wl,–rpath -Wl,LIBDIR’ linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf’
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
———————————————————————-
chmod 755 /usr/lib/httpd/modules/mod_qos.so
cd etc/httpd/conf
nano qos.conf
## QoS Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 20 connections per IP
QS_SrvMaxConnPerIP 20
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>
save it
edit httpd.conf
and add
LoadModule qos_module /usr/lib/httpd/modules/mod_qos.so
Include “/usr/local/apache/conf/qos.conf”
to their respective places
save httpd.conf
restart apache
NOTE: Be sure that mod_qos.so is loaded before the config file.
Sloworis will be heavily throttled
Hi guys, I am pretty satisfied with your service. Yes, I have experienced some downtime issues with my boxes, but you guys have always been right there for me, at my beck and call whenever I need you. Additionally, you guys are always more than fair when it comes to helping me configure my boxes with my DirectAdmin control panel. Overall, I am very pleased with the service, both in terms of the hardware I receive from you as well as the customer service. Prices seem to be quite fair too. Thanks, Ephi
I have a two small shared hosting packages and the price I pay I don't expect to receive very good support. I accept with any shared hosting uptime cannot be guaranteed neither can it be 100% and anyone who suggests otherwise is living a dream. However on the occasions I have opened a ticket they have been answered and investigated promptly. I have been with ayksolutions.com since Jun/18/2008 oh wow where has the time gone!