Mod_Security and Slowloris

Wednesday, December 01, 2010
Cross-Posted from Robert "RSnake" Hansen's Blog:
http://ha.ckers.org/blog/20101201/mod_security-and-slowloris/

3 posts left…

After all the press around Wong Onn Chee and Tom Brennan’s version of a HTTP DoS attack, I think people started taking HTTP DoS a tad more seriously. Yes, there are lots of variants of HTTP based DoS attack, and I’m sure more tools will surface over time. The really interesting part is how both Apache and IIS has disagreed that it is their problem to fix. So we are left to fend for ourselves. Enter mod_security (at least for Apache).

When I originally tested Slowloris against mod_security, it had no chance of solving the problem. I spoke with Ivan Ristic who said that it simply ran too late (same thing with .htaccess, and many other things built into Apache). So the world was at a bit of a loss when the DoS originally came out. Now with the latest changes in mod_security at least we now have a viable (non experimental) solution other than using alternate webservers, load balancers or networking solutions. Very cool stuff!

Possibly Related Articles:
15259
Vulnerabilities Webappsec->General
Denial of Service Apache HTTP Security
Post Rating I Like this!