How about coding a module looking how many bytes are read and if there
is too little chunk of data, close the connection.
Something like a MinDataReadSize. If the read() function read too little
data, close() the socket... Dunno if it's possible to hook directly in
connection hook to do this...


William A. Rowe, Jr. wrote:
> Andreas Krennmair wrote:
>> * Guenter Knauf <fua...@apache.org> [2009-06-22 04:30]:
>>> wouldnt limiting the number of simultanous connections from one IP
>>> already help? F.e. something like:
>>> http://gpl.net.ua/modipcount/downloads.html
>> Not only would this be futile against the Slowloris attack (imagine n
>> connections from n hosts instead of n connections from 1 host), it would
>> also potentially lock out groups of people behind the same NAT gateway.
> FWIW mod_remoteip can be used to partially mitigate the weakness of this
> class of solutions.
> However, it only works for known, trusted proxies, and can only be safely
> used for those with public IP's.  Where the same on your private
> NAT backed becomes the same within the apache server's DMZ, the
> issues like Allow from become painfully obvious.  I haven't
> found a good solution, but mod_remoteip still needs one, eventually.

Reply via email to