Hi all,

since I'm seeing worried people everywhere about the "apache
vulnerability" as they call it (while it's just a reuse of a
well-known weakness), and other people suggesting incomplete
haproxy configuration files, I have prepared a generic haproxy
configuration file to be installed without too much hassle in
front of any server at risk, and I'm posting it here as it
should help people find it more easily :


It requires that apache is moved to and that
haproxy is installed on pub:80 instead. It does no health
check (since some people find it hard to make them work),
and it is not a problem because there's only one server.

I have tested it against the Slowloris script and the Nkiller2
tool published in phrack (which is a very interesting method

I have not set any ACL, tarpit nor cookies so that the config
remains very basic. But of course it could be extended to detect
and block more precise patterns.


Reply via email to