Mitigating slowloris attack
I am randomly getting slowloris style attacks on my server. Using the info found on here and other places I have determined that the attacks are primarily coming from a large block of IP's in Singapore that all begin with the number 47.128.xx.xx. This started a few days ago and seems to come back every 6-8 hours.
I heard about mod_qos but when I try to add it to my easy apache it tells me that it has to uninstall some things that I am unaware of whether it is important or not:
The following conflicts are installed on this machine. They will be removed as part of this package selection:
- mod_mpm_prefork
- mod_cgi
- mod-qos
- mod_mpm_worker
- mod_cgid
-
Hey there! If you have the range of IP addresses, I'd just block the range in the firewall. That way, no customizations are needed on the server side and you don't have to change your otherwise-working Apache configuration. 0 -
Here is all the information with regards to the module differences.
mod_cgi whenever a multi-threaded MPM is selected during the compilation process. At the user level, this module is identical in configuration and operation to They require no additional changes to MPM or cgi so best of both worlds while offering a simular defence. In addition since 2.2.15 Apache itself recommends using mod_reqtimeout.0
Please sign in to leave a comment.
Comments
2 comments