Paid Advertising
web application security lab

Mod_Security and Slowloris

3 posts left…

After all the press around Wong Onn Chee and Tom Brennan’s version of a HTTP DoS attack, I think people started taking HTTP DoS a tad more seriously. Yes, there are lots of variants of HTTP based DoS attack, and I’m sure more tools will surface over time. The really interesting part is how both Apache and IIS has disagreed that it is their problem to fix. So we are left to fend for ourselves. Enter mod_security (at least for Apache).

When I originally tested Slowloris against mod_security, it had no chance of solving the problem. I spoke with Ivan Ristic who said that it simply ran too late (same thing with .htaccess, and many other things built into Apache). So the world was at a bit of a loss when the DoS originally came out. Now with the latest changes in mod_security at least we now have a viable (non experimental) solution other than using alternate webservers, load balancers or networking solutions. Very cool stuff!

Comments are closed.