|
|
Subscribe / Log in / New account

Using HTTP POST for denial of service

Using HTTP POST for denial of service

Posted Dec 2, 2010 18:45 UTC (Thu) by skorgu (subscriber, #39558)
In reply to: Using HTTP POST for denial of service by adamgundy
Parent article: Using HTTP POST for denial of service

Not to mention the use of CDNs or other proxies as the first point of connection. Does slowlaris et al persist through an Akamai or similar cache?

to post comments

Using HTTP POST for denial of service

Posted Dec 2, 2010 19:19 UTC (Thu) by adamgundy (subscriber, #5418) [Link]

same thing, but generally CDNs are used for static content (lots of GET requests). some support POST for uploading large files (images, video, etc), but that's less common.

you don't generally put a CDN in front of your 'dynamic' web server domain (because for dynamic content it can't usually help with caching, and just adds another layer of indirection and delay)

layer 7 load balancing proxies will almost certainly 'fix' slowloris AND this 'slowpost' attack - that's what nginx or any of the other servers I listed are doing - DNS round robin etc (poor man's balancing) obviously won't help.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds