
Time them out


Posted Jun 25, 2009 6:56 UTC (Thu) by man_ls (guest, #15091)
In reply to: Apache attacked by a "slow loris" by marineam
Parent article: Apache attacked by a "slow loris"

I'm probably stating the obvious, but why not cut each client after a total time of, say, 20 seconds? Genuine clients should not take more than that in making a request. Such a global timeout would only damage extremely slow network links, which might (arguably) be better off cutting the connection short. Quite often I've seen my trusty Firefox waiting minutes for a site which, unsurprisingly, does not come out after all.

Combined with something like what you say (20 connections per IP) it would severely limit the damage of this attack. Each individual slow loris would only be able to tie up 20 threads for 20 seconds. So you would need a fairly extensive network to take a site up.
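The two limits proposed in the comment above (a total per-request deadline and a per-IP connection cap), sketched as an added example that is not part of the original thread and not Apache's code. It is a minimal asyncio server in which the deadline covers the whole request head, so trickled bytes do not extend it; `handle`, `probe`, `demo` and the loopback test client are hypothetical names constructed for illustration.

```python
import asyncio
import time
from collections import Counter

REQUEST_DEADLINE = 20.0  # total seconds allowed for the request head (figure from the comment)
MAX_CONNS_PER_IP = 20    # simultaneous connections per client IP (figure from the thread)
active = Counter()       # connections per client IP still waiting on their request head

async def handle(reader, writer, deadline, cap):
    ip = writer.get_extra_info("peername")[0]
    active[ip] += 1
    try:
        if active[ip] > cap:
            status = "503 Service Unavailable"
        else:
            # One absolute deadline for the whole request head. A per-read idle
            # timeout would be reset by every trickled byte.
            await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), deadline)
            status = "200 OK"
    except asyncio.TimeoutError:
        status = "408 Request Timeout"
    except (asyncio.IncompleteReadError, asyncio.LimitOverrunError, ConnectionError):
        status = "400 Bad Request"  # peer closed early or sent an oversized head
    finally:
        active[ip] -= 1
    writer.write(f"HTTP/1.1 {status}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n".encode())
    writer.close()  # flushes the reply, then closes the socket

async def probe(port, chunks, gap):
    """Constructed loopback client: send chunks `gap` s apart, return (status, seconds)."""
    start = time.monotonic()
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    for chunk in chunks:
        writer.write(chunk)
        await asyncio.sleep(gap)
    status = (await reader.read()).split(b"\r\n")[0].decode()
    writer.close()
    return status, time.monotonic() - start

async def demo(deadline=REQUEST_DEADLINE, cap=MAX_CONNS_PER_IP):
    """Compare a complete request with one whose head never finishes."""
    async with await asyncio.start_server(lambda r, w: handle(r, w, deadline, cap), "127.0.0.1", 0) as srv:
        port = srv.sockets[0].getsockname()[1]
        fast = await probe(port, [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"], 0)
        slow = await probe(port, [b"GET / HTTP/1.1\r\n", b"X-a: 1\r\n", b"X-b: 2\r\n"], deadline / 4)
        return fast, slow

if __name__ == "__main__":
    print(asyncio.run(demo(deadline=1.0)))  # shortened deadline so the demo finishes quickly
```

The slow client keeps sending header lines at intervals shorter than the deadline, yet is still answered with 408 once the total time is used up.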


Time them out

Posted Jun 25, 2009 10:16 UTC (Thu) by MathFox (guest, #6104)

If you are running a blog or CMS, some of your users need to upload (POST) stories/texts, images and other media. Depending on the website, that can be quite some data, a few megabytes. Timing out too early will make your editors unhappy (and still allows for enough of a window for slow loris). I have good experiences with server-side proxies (freeing Apache resources for all users on slow links); our problem was getting 4 MB of HTML to users on slower links. Apache kept all its resources till the last byte was sent.

Time them out

Posted Jun 27, 2009 13:10 UTC (Sat) by jengelh (subscriber, #33263)

So, use <LimitExcept POST> to allow such slowposting for CMS expecting dialup users.
