Hi Andreas,

Andreas Krennmair wrote:
> For those who are still unaware of the Slowloris attack, it's a
> denial-of-service attack that consumes Apache's resources by opening up
> a great number of parallel connections and slowly sending partial
> requests, never completing them. Since Apache limits the number of
> parallel clients it serves (the MaxClients setting), this blocks further
> requests from being completed. Unlike other "traditional" TCP DoS
> attacks, this HTTP-based DoS attack requires only very little network
> traffic in order to be effective. Information about the Slowloris
> attack including a PoC tool was published here:
> http://ha.ckers.org/slowloris/
>
> I thought for some time about the whole issue, and then I developed a
> proof-of-concept patch for Apache 2.2.11 (currently only touches the
> prefork MPM), which you can download here:
> http://synflood.at/tmp/anti-slowloris.diff

Wouldn't limiting the number of simultaneous connections from one IP
already help? For example, something like:
http://gpl.net.ua/modipcount/downloads.html

Guenter.
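
A toy model of the per-IP connection limit discussed in this message, as an added example that is not part of the original thread and is not code from Apache or mod_ipcount. The `WorkerPool` class, the `simulate` function, the slot counts and the documentation-range IP addresses are all constructed for illustration; it compares a fixed worker pool (as with MaxClients) with and without a per-IP cap when one client holds connections open without completing them.

```python
from collections import Counter


class WorkerPool:
    """Toy model of a server with a fixed number of worker slots (MaxClients)."""

    def __init__(self, max_clients, max_per_ip=None):
        self.max_clients = max_clients
        self.max_per_ip = max_per_ip   # None means no per-IP limit
        self.active = Counter()        # ip -> currently open connections

    def open(self, ip):
        """Try to accept a connection; return True if a worker slot was assigned."""
        if self.max_per_ip is not None and self.active[ip] >= self.max_per_ip:
            return False               # per-IP cap reached, no slot consumed
        if sum(self.active.values()) >= self.max_clients:
            return False               # every worker slot is occupied
        self.active[ip] += 1
        return True

    def close(self, ip):
        """Release the slot when a request completes."""
        if self.active[ip] > 0:
            self.active[ip] -= 1


def simulate(max_per_ip):
    """Return (slots held by the slow client, normal requests served)."""
    pool = WorkerPool(max_clients=20, max_per_ip=max_per_ip)

    # Constructed input: one client opens 50 connections and never
    # completes any request, so none of its slots are released.
    slow_ip = "192.0.2.10"
    held = sum(pool.open(slow_ip) for _ in range(50))

    # Constructed input: ten other clients each send one complete request.
    served = 0
    for i in range(10):
        ip = f"198.51.100.{i + 1}"
        if pool.open(ip):
            served += 1
            pool.close(ip)     # request completed, slot freed
    return held, served


if __name__ == "__main__":
    print("no per-IP limit:", simulate(None))
    print("per-IP limit 5: ", simulate(5))
```

The model covers only the single-source case raised in the question; connections spread over many source addresses are outside what it shows.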