Question
How do you mitigate Slowloris attacks?
Answer
The Slowloris attack attempts to exhaust available server resources by opening a large number of connections to a target web server and holding them open for as long as possible, so that those resources are never freed. Because a web server has a finite number of resources, other clients will be unable to reach your server once they are exhausted.
- Log in to WHM as the root user
- Navigate to Home / Service Configuration / Apache Configuration
- Click Include Editor
- Scroll down to the Pre Main Include dropdown, and select All Versions
- Enter the following in the text box:

  ```apache
  <IfModule mod_reqtimeout.c>
  RequestReadTimeout header=20-40,MinRate=500 body=20-40,MinRate=500
  </IfModule>
  ```

- Click the Update button
- Click the Restart Apache button to finish applying the include
This configuration will wait up to 20 seconds for header data. As long as the client sends header data at a rate of 500 bytes per second, the server will wait for up to 40 seconds for the headers to complete.
This configuration will also wait up to 20 seconds for body data. As long as the client sends body data at a rate of 500 bytes per second, the server will wait for up to 40 seconds for the body of the request to complete.
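The timing rule described above, as an added example (not part of the original article and not Apache's code): a simplified Python model of one RequestReadTimeout stage, following the Apache documentation's rule that the timeout grows by 1 second for every MinRate bytes received, up to the maximum. The function name and the three client schedules are constructed for illustration.

```python
# Added example: simplified model of one RequestReadTimeout stage (header or body).
# Not Apache's source code; names and sample schedules are constructed.
US = 1_000_000  # microseconds per second, to keep deadline arithmetic exact


def stage_outcome(arrivals, total_bytes, initial=20, maximum=40, min_rate=500):
    """Decide whether a stage completes or times out.

    arrivals    -- list of (seconds_since_stage_start, nbytes) in time order
    total_bytes -- bytes the client must send for the stage to be complete
    Returns ("complete", t_us) or ("timeout", deadline_us).
    """
    deadline = initial * US      # header=20-... : first deadline at 20 s
    cap = maximum * US           # ...-40        : never wait past 40 s
    per_byte = US // min_rate    # MinRate=500   : 1 s of credit per 500 bytes
    received = 0
    for t, nbytes in arrivals:
        now = round(t * US)
        if now > deadline:       # data arrived after the server gave up
            return "timeout", deadline
        received += nbytes
        if received >= total_bytes:
            return "complete", now
        deadline = min(deadline + nbytes * per_byte, cap)
    return "timeout", deadline   # client went silent before finishing


# Constructed client behaviours
NORMAL = [(0.1, 800)]                          # whole header in one burst
TRICKLE = [(5 * i, 10) for i in range(1, 20)]  # 10 bytes every 5 s
STEADY = [(i, 500) for i in range(1, 60)]      # exactly 500 B/s, never ends

if __name__ == "__main__":
    for name, sched, total in (("normal", NORMAL, 800),
                               ("trickle", TRICKLE, 800),
                               ("steady", STEADY, 10**6)):
        result, t_us = stage_outcome(sched, total)
        print(f"{name:8s} {result:8s} at {t_us / US:.2f}s")
```

The trickling client is dropped at 20.08 seconds because each 10 bytes earns only 0.02 seconds of extra time, and a client that sends exactly 500 bytes per second without finishing is still cut off at the 40 second ceiling.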