At the moment, the best defense is using iptables connlimit with a reasonable maximum number of connections per IP (like 1/5 or 1/10 of what your server can handle). This will give you good protection from single attacking hosts. When the attacker has many hosts (i.e. a botnet) you have lost anyway.
If you can't use iptables (e.g. if you only have some vserver), there is libapache2-mod-antiloris in Debian unstable and testing. The package should work in stable and oldstable, too. Mod_antiloris may be better than nothing, but the slowloris script can be easily modified to circumvent mod_antiloris. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
