Overview
A Slowloris or Slow HTTP DoS attack is a type of denial of service that can affect thread-based web servers such as Apache. This means that your Apache web servers for Faspex or Console are vulnerable to this attack (applications based on nginx, such as Shares, are safe).
The attack exploits the fact that Apache keeps an HTTP connection open until it has received the complete HTTP headers. An attacker can therefore open many connections, send only partial GET requests on each, and hold them open so that the server's worker threads are tied up and other users cannot get their requests processed.
Apache does have a default Timeout of 300 seconds, after which it stops waiting for incomplete headers and closes the connection, but because that timer is reset each time the client sends more data, an attacker can simply keep sending small amounts of garbage data to hold the connection open.
Implementation
To mitigate this, lower the Timeout value, for example to 60 seconds.
- Go to the $Web_Server/conf directory
- Open httpd.conf using vi
- Find the following line in httpd.conf (add it if it is not present)
TimeOut 300
- Change it to
TimeOut 60
- Restart the Apache web server.
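The same change applied from a script, as an added example that is not part of the original article: it rewrites the value on an existing Timeout line (the directive name is case-insensitive in Apache, so TimeOut matches too) or appends the directive if httpd.conf has none. It assumes POSIX sh with grep, sed and awk, and the config path passed as a parameter; the httpd.conf fragment at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the article's own procedure): set the Apache Timeout
# directive in an httpd.conf from a script. Assumes POSIX sh, grep, sed, awk.

# set_timeout CONF SECONDS : rewrite or add "Timeout SECONDS" in CONF.
set_timeout() {
    conf="$1"
    secs="$2"
    case "$secs" in
        ''|*[!0-9]*) echo "set_timeout: SECONDS must be a positive integer" >&2; return 1 ;;
    esac
    [ -w "$conf" ] || { echo "set_timeout: cannot write $conf" >&2; return 1; }
    if grep -qi '^[[:space:]]*timeout[[:space:]]' "$conf"; then
        # Keep the directive spelling as found (Timeout/TimeOut), change only
        # the number. A .bak copy of the original file is left beside it.
        sed -i.bak -E "s/^([[:space:]]*[Tt][Ii][Mm][Ee][Oo][Uu][Tt])[[:space:]]+[0-9]+/\1 $secs/" "$conf"
    else
        printf 'Timeout %s\n' "$secs" >> "$conf"
    fi
}

# get_timeout CONF : print the value of the last Timeout directive in CONF
# (when a directive is repeated in the same scope, Apache uses the last one).
get_timeout() {
    grep -i '^[[:space:]]*timeout[[:space:]]' "$1" | tail -n 1 | awk '{print $2}'
}

# Demonstration on a constructed httpd.conf fragment (not a real server file;
# the ServerRoot path is a placeholder).
demo_conf=$(mktemp)
printf 'ServerRoot "/placeholder/Web_Server"\nTimeOut 300\nKeepAlive On\n' > "$demo_conf"
echo "before: Timeout=$(get_timeout "$demo_conf")"
set_timeout "$demo_conf" 60
echo "after:  Timeout=$(get_timeout "$demo_conf")"
rm -f "$demo_conf" "$demo_conf.bak"
```

Run it against the real $Web_Server/conf/httpd.conf as the user that owns the file, then restart Apache as in the steps above.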