puertoblack2003
Joined: 31 Jul 2009 Posts: 121 Location: U.S
Posted: Sat 09 Jan '10 22:31

What would be the best IPReadLimit number to set it to?

glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Sun 10 Jan '10 1:22

I've left mine at its default of 5.
Keep an eye on your error log, however; if you see a lot of messages in it like the ones shown on the prior page, then you may need to move that number up.

puertoblack2003
Joined: 31 Jul 2009 Posts: 121 Location: U.S
Posted: Sun 10 Jan '10 9:49

glsmith wrote:
> I've left mine at its default of 5.
> Keep an eye on your error log, however; if you see a lot of messages in it like the ones shown on the prior page, then you may need to move that number up.

Thanks, I bumped it up to 10.

glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Sat 08 May '10 20:00

Digging up an old one.
Flatcircle, have you played with the new mod_reqtimeout that came with 2.2.15? It was made with slowloris in mind.

maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Sun 09 May '10 8:28

Can I use "Mod_LimitIPConn" to stop this attack?
Or any good idea to stop it?
Is shortening the "timeouts" the key to solving this exploit?
Regards.

glsmith wrote:
> Digging up an old one.
> Flatcircle, have you played with the new mod_reqtimeout that came with 2.2.15? It was made with slowloris in mind.

glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Sun 09 May '10 19:26

@maskego
> Can I use "Mod_LimitIPConn" to stop this attack?
No.
> Is shortening the "timeouts" the key to solving this exploit?
Not really, it helps, but you can only set the timeout so low before it affects the server's performance, and that is still not low enough to stop Slowloris.
> Or any good idea to stop it?
mod_antiloris works against it and is simple to use.
mod_reqtimeout is supposed to deal with it; it is a little more complex to set up, but I find the theory behind it quite unique and ingenious. It doesn't keep track of IPs and how many connections the IP is using, but deals with each connection individually.
It's still using timeouts, however (be it a dynamic timeout), and I think that on any version of Windows that has the connection limit, mod_reqtimeout may not help as much; that's just my guess, though.

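The contrast drawn in the post above, per-IP tracking versus a per-connection dynamic timeout, as an added example that is not part of the thread or of either module's source. It is a simplified Python model that assumes the documented behaviour of `RequestReadTimeout header=20-40,MinRate=500`, a 300-second idle timeout, and a per-IP cap in the style of `IPReadLimit 5`; the function names and traces are constructed for illustration.

```python
"""Simplified model (an assumption, not module source) of slow-header defences."""
from collections import Counter


def reqtimeout_outcome(chunks, header_len, initial=20, maximum=40, min_rate=500):
    """Per-connection check in the style of
    RequestReadTimeout header=<initial>-<maximum>,MinRate=<min_rate>.

    chunks: list of (arrival_time_s, nbytes) for one connection.
    Returns ("complete", t) or ("timeout", deadline_s).
    """
    deadline, received = initial, 0
    for t, nbytes in chunks:
        if t > deadline:                      # data arrived after the deadline
            return ("timeout", deadline)
        received += nbytes
        if received >= header_len:            # full header block received
            return ("complete", t)
        # One extra second per min_rate bytes received, capped at maximum.
        deadline = min(maximum, initial + received // min_rate)
    return ("timeout", deadline)              # client went silent


def idle_timeout_outcome(chunks, header_len, timeout=300):
    """Plain idle timeout: the clock restarts on every read."""
    last, received = 0, 0
    for t, nbytes in chunks:
        if t - last > timeout:
            return ("timeout", last + timeout)
        last, received = t, received + nbytes
        if received >= header_len:
            return ("complete", t)
    return ("timeout", last + timeout)


def per_ip_read_limit(read_state_ips, limit=5):
    """Per-IP cap in the style of IPReadLimit (assumed: reject above `limit`):
    IPs holding more than `limit` connections still reading a request."""
    counts = Counter(read_state_ips)
    return sorted(ip for ip, n in counts.items() if n > limit)


# Constructed traces: (seconds since accept, bytes received).
TRICKLE = [(10 * i, 10) for i in range(1, 61)]            # 10 bytes every 10 s
SLOW_BUT_HONEST = [(5, 1000), (15, 1000), (22, 1000), (24, 1000)]

if __name__ == "__main__":
    print(reqtimeout_outcome(TRICKLE, 800))
    print(idle_timeout_outcome(TRICKLE, 800))
    print(reqtimeout_outcome(SLOW_BUT_HONEST, 4000))
    print(reqtimeout_outcome(SLOW_BUT_HONEST, 4000, maximum=20))
    print(per_ip_read_limit(["192.0.2.7"] * 8 + ["198.51.100.3"] * 2))
```

In this model the trickling connection is dropped at 20 seconds under the dynamic timeout but holds its slot for 900 seconds under the idle timeout, while the slow but complete request only succeeds because received bytes extend its deadline.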
maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Mon 10 May '10 2:37

I get it.
Regards.

maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Mon 10 May '10 7:34

If the IPReadLimit number is set too high, what issue will occur? Will mod_Antiloris not work against a slowloris attack? Or something else?
What type of log will be generated while the web suffers a slowloris attack?
Regards.

glsmith wrote:
> I've left mine at its default of 5.
> Keep an eye on your error log, however; if you see a lot of messages in it like the ones shown on the prior page, then you may need to move that number up.

glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 11 May '10 0:38

I would think that if you had a limited number of connections, and you set it at or above that number, if you're attacked, your server will become unreachable during the attack.
You can see the error log listing on page 1 of this thread, about 2/3 of the way down the page. Click "Previous" under the thread title on the top left of this page.

maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Tue 11 May '10 2:54

Actually, I check the logs and find some who are rejected by this mod. I don't know what the right number of connections used by web browsers is.
How do I define the number of connections for various web browsers?
Best regards.

glsmith wrote:
> I would think that if you had a limited number of connections, and you set it at or above that number, if you're attacked, your server will become unreachable during the attack.

glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 11 May '10 8:41

Nor do I.
I only know that the only thing I see this on is files being downloaded by aggressive download managers. I have no problem with this, as it keeps them from opening a gazillion connections; they still get the file, and just as fast.
I've never seen it block actual content.

maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Mon 17 May '10 2:27

Do you mean this module will limit the number of connections behind the web? But the users will browse the web content via a limited number of connections?
Regards.

glsmith wrote:
> Nor do I.
> I've never seen it block actual content.