Date:      Thu, 01 Oct 2009 02:40:48 +0200
From:      Thomas Rasmussen <thomas@gibfest.dk>
To:        freebsd-security@freebsd.org
Subject:   Re: Update on protection against slowloris
Message-ID:  <4AC3FA90.1000405@gibfest.dk>
In-Reply-To: <4AC37D6B.3060409@optiksecurite.com>


Martin Turgeon wrote:
> Hi list!
>
> We tested mod_antiloris 0.4 and found it quite efficient, but before 
> putting it in production, we would like to hear some feedback from 
> freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is 
> anyone using it? Do you have any other way to patch against Slowloris 
> other than putting a proxy in front or using the HTTP accept filter?
>
> Thanks for your feedback,
>
> Martin
Hello,

I am using it successfully although not under any serious load, same
Apache and FreeBSD versions. I found it easy (compared to the
alternatives) and efficient, and no I don't know of any other ways of
blocking the attack, short of using Varnish or similar. However,
accf_http doesn't help at all, since HTTP POST requests bypass the
filter. HTTP POST can be enabled by passing the -httpready switch to
Slowloris.

Please report back with your findings, I've been wondering how it
would perform under load.

Best of luck with it,

Thomas Rasmussen
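
The accf_http point in the reply above, as an added example that is not part of the original message and not the FreeBSD source: a simplified C model of the documented httpready behaviour, which buffers GET and HEAD requests in the kernel until the headers are complete and hands any other method to accept() straight away. The function and enum names are assumptions, and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the httpready accept filter decision; not kernel code.
 * HOLD = connection stays in the kernel, no Apache worker is used yet.
 * PASS = accept() returns the socket and an Apache worker is occupied. */
enum verdict { HOLD, PASS };

/* buf holds every byte received so far on the connection. */
enum verdict httpready_model(const char *buf, size_t len)
{
    static const char *held[] = { "GET ", "HEAD " };
    int could_match = 0;

    for (size_t i = 0; i < 2; i++) {
        size_t mlen = strlen(held[i]);
        size_t n = len < mlen ? len : mlen;
        if (memcmp(buf, held[i], n) != 0)
            continue;                 /* not this method */
        if (len < mlen) {
            could_match = 1;          /* only a prefix so far: keep waiting */
            continue;
        }
        /* GET/HEAD: hold until the blank line that ends the headers. */
        for (size_t j = 0; j + 4 <= len; j++)
            if (memcmp(buf + j, "\r\n\r\n", 4) == 0)
                return PASS;
        return HOLD;
    }
    /* Any other method (POST included) is never buffered by the filter. */
    return could_match ? HOLD : PASS;
}

int main(void)
{
    /* Constructed sample inputs: two unfinished requests, one finished. */
    const char *samples[] = {
        "GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n",
        "POST / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n",
        "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    };
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu: %s\n", i,
               httpready_model(samples[i], strlen(samples[i])) == HOLD
                   ? "held in kernel" : "passed to Apache");
    return 0;
}
```

The unfinished POST reaches Apache immediately and ties up a worker, which is why a per-client limit inside Apache (as mod_antiloris applies) or a buffering proxy is still needed alongside the accept filter.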

