Hi, As suggested here: https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http-attacks Modifying those directives can protect against slow HTTP attacks and make the attacks more difficult to execute:
- LimitRequestFields - LimitRequestFieldSize - LimitRequestBody - LimitRequestLine - LimitXMLRequestBody - TimeOut - KeepAliveTimeOut - ListenBackLog’s - MaxRequestWorkers - AcceptFilter Does someone already configured a svn apache server to handle slow http attacks? Is there any known impact of theses apache directives? Thank you in advance. -- Nouha
