>
> You using iptables? What rules did you end up using to accomplish this?
>
Using OpenBSD's Packet Filter. It's not perfect; I have to set the
connection limit quite high (at 36) because the connection state stays
in the firewall for about a minute even during the FIN_WAIT_2 stage.
Here are my
> add Operating System wide firewall rules to
> disallow more than N number of concurrent TCP connections to port 80
> from a single IP address.
You using iptables? What rules did you end up using to accomplish this?
> Isn't it difficult to configure it based on IP because:
>
> 1. IP could be of proxy server
> 2. IP could be of ISP
>
> Would that lead into good requests being denied?
Sometimes, yes, but mostly, no.
Isn't it difficult to configure it based on IP because:
1. IP could be of proxy server
2. IP could be of ISP
Would that lead into good requests being denied?
On Sun, Apr 4, 2010 at 11:16 AM, Nerius Landys wrote:
> Guys, I think I'll just add Operating System wide firewall rules to
> disallow mor
Guys, I think I'll just add Operating System wide firewall rules to
disallow more than N number of concurrent TCP connections to port 80
from a single IP address.
-
The official User-To-User support forum of the Apache HTTP Server
On 4-Apr-2010, at 05:40, Nick Kew wrote:
>
> On 4 Apr 2010, at 07:03, Morgan Gangwere wrote:
>
>> On a note, someone posted about Slowloris and Apache:
>> http://bahumbug.wordpress.com/2009/06/21/slowloris/
>
> FWIW, that's been overtaken by events. I wrote mod_noloris shortly after
> that blog
On 4 Apr 2010, at 07:03, Morgan Gangwere wrote:
> On a note, someone posted about Slowloris and Apache:
> http://bahumbug.wordpress.com/2009/06/21/slowloris/
FWIW, that's been overtaken by events. I wrote mod_noloris shortly after
that blog entry. That too has been overtaken, and nowadays I'd
On 4/3/2010, lots of people chimed in saying things.
Around 00:03 [-7GMT], Morgan Gangwere chimed in to say:
I'd suggest either turning on Syn Cookies, getting mpm_worker running,
or not really worrying about it. mpm_worker so far for me has been able
to avoid the Slowloris attack on a 50Mhz AR
It was thus said that the Great Nerius Landys once stated:
> > This is called 'slow loris' attack. That'll give you something to Google for
> > :)
>
> Thank you so much for the help guys.
>
> I did Google "slowloris" and I did indeed find much information. In
> fact, the program I wrote from scr
On Sat, Apr 3, 2010 at 9:09 PM, Nerius Landys wrote:
>> if (ip_count > conf->limit) {
>>     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
>>                  "Rejected, too many connections in READ state from %s",
>>                  c->remote_ip);
>>     return OK;
>> } else {
>>     return DECLINED;
>> }
I'd
> if (ip_count > conf->limit) {
>     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
>                  "Rejected, too many connections in READ state from %s",
>                  c->remote_ip);
>     return OK;
> } else {
>     return DECLINED;
> }
I figured out what OK and DECLINED mean. In httpd.h:
#define DE
> This is called 'slow loris' attack. That'll give you something to Google for
> :)
Thank you so much for the help guys.
I did Google "slowloris" and I did indeed find much information. In
fact, the program I wrote from scratch does the exact attack described
on the slowloris Wikipedia page.
An
On 4/04/2010 11:32 a.m., Nerius Landys wrote:
So, when I run the 100 thread program against my max-80-clients
server, and each of the 100 threads takes over one minute to send the
complete HTTP request header, my Apache httpd server becomes
unavailable to other incoming connections. In other wor