Some comments:

- All Apache MPMs are affected. The sole exception may be if you use the event MPM without SSL.
- The slowloris attack leaves plenty of error 400 entries in the access log.
- Using iptables connlimit with a reasonable maximum number of connections per IP (like 1/5 or 1/10 of what your server can handle) will give you good protection from single attacking hosts. When the attacker has many hosts (i.e. a botnet) you have lost anyway.
- mod_antiloris has some design issues as discussed on the httpd-dev mailing list. Also, it does not protect against a slightly modified attack. Therefore mod_antiloris is not the general solution.
- I hope that mod_reqtimeout may be a better approach, but the discussion and testing are not finished yet. For now, the recommendation is to use iptables.

-- 
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
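As an added example (not part of the original comment and not code from Apache or Ubuntu), the two operational points above can be combined in a short script: count status 400 entries per client in an access log to spot a single attacking host, and derive a per-IP connlimit value as a fraction of server capacity. The sample log lines, the alert threshold, the capacity figure and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Prefix of Apache common/combined log format:
# client ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jun/2009:10:00:01 +0000] "-" 400 301 "-" "-"
203.0.113.7 - - [19/Jun/2009:10:00:01 +0000] "-" 400 301 "-" "-"
198.51.100.2 - - [19/Jun/2009:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jun/2009:10:00:03 +0000] "-" 400 301 "-" "-"
198.51.100.2 - - [19/Jun/2009:10:00:04 +0000] "GET /% HTTP/1.1" 400 301 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jun/2009:10:00:05 +0000] "-" 400 301 "-" "-"
192.0.2.9 - - [19/Jun/2009:10:00:06 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

def count_400_by_client(lines):
    """Return a Counter of status-400 log entries keyed by client address."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "400":
            counts[m.group(1)] += 1
    return counts

def suspects(lines, threshold):
    """Clients with at least `threshold` status-400 entries, sorted."""
    counts = count_400_by_client(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def connlimit_rule(server_max_conns, divisor=10, port=80):
    """Build a per-IP connlimit rule at 1/divisor of server capacity."""
    limit = max(1, server_max_conns // divisor)
    return (f"iptables -A INPUT -p tcp --syn --dport {port} "
            f"-m connlimit --connlimit-above {limit} "
            f"-j REJECT --reject-with tcp-reset")

if __name__ == "__main__":
    # Threshold of 3 is an assumed value for this tiny sample.
    for ip in suspects(SAMPLE_LOG.splitlines(), threshold=3):
        print("many 400 entries from", ip)
    # 150 concurrent connections is an assumed server capacity.
    print(connlimit_rule(150, divisor=10))
```

If the server sits behind a reverse proxy or load balancer, the logged client address and the address connlimit sees are the proxy's, so both the count and the limit have to be applied at the edge instead.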
