Protect your web server against slowloris

Slowloris???

Slowloris is a script which opens TCP connections and send HTTP headers very slowly to force webservers to keep connections opened.
Slowloris purpose is to take all resources from one server for him, preventing any regular browser from using the service.
It is a layer 7 DOS.

Configuration

When using an Aloha, it’s easy to protect your web platform from such attacks by using HAProxy.
The configuration below shows how turn Aloha load balancer as a shield for your website.

defaults
	mode http
	maxconn 19500        # Should be slightly smaller than global.maxconn.
	timeout client 60s   # Client and server timeout must match the longest
	timeout server 60s   # time we may wait for a response from the server.
	timeout queue  60s   # Don't queue requests too long if saturated.
	timeout connect 4s   # There's no reason to change this one.
	timeout http-request 5s	# A complete request may never take that long.
	# Uncomment the following one to protect against nkiller2. But warning!
	# some slow clients might sometimes receive truncated data if last
	# segment is lost and never retransmitted :
	# option nolinger
	option httpclose
	option abortonclose
	balance roundrobin
	option forwardfor    # set the client's IP in X-Forwarded-For.
	retries 2

frontend public
	bind :80 # or any other IP:port combination we listen to.
	default_backend apache

backend apache
	# set the maxconn parameter below to match Apache's MaxClients minus
	# one or two connections so that you can still directly connect to it.
	server srv 192.168.1.1:80 maxconn 248

Related articles

Links

About these ads

About Baptiste Assmann

Aloha Product Manager
This entry was posted in Aloha, security and tagged , , , . Bookmark the permalink.

3 Responses to Protect your web server against slowloris

  1. Pingback: Web traffic limitation | Exceliance – Aloha Load Balancer

  2. Pingback: Protect Apache against “apache killer” script | Exceliance – Aloha Load Balancer

  3. Pingback: Use a load-balancer as a first row of defense against DDOS | Exceliance – Aloha Load Balancer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s