As Slowloris HTTP DoS Rises, Astaro is Ready

Recently the Slowloris Denial of Service attack has jumped in popularity. This attack is similar to a SYN flood but operates over HTTP: it consumes sockets on the Web Server rather than trying to saturate its bandwidth. It is an interesting attack, particularly because it does not require much bandwidth on the attacker's side.

Indeed, it is possible to DoS even large sites using nothing more than a common residential Internet connection: Slowloris sends partial HTTP requests and holds the sockets open, eating up the Web Server’s ability to respond to other HTTP requests.

You can read more about this DoS technique here. While the approach is not new, working implementations of it "for the masses" are starting to appear more commonly. As we have already received dozens of queries about how to stop this attack, we’d like to inform you that Astaro installations with current/updated Intrusion Protection Patterns will be protected against it, so neither admins nor their Web Servers need to fear. The ID for this new rule is #1000023, and it is located in the HTTP Servers Group under the Apache category.

If your ASG installation is showing pattern revision 9857 or later, you are protected.
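The behaviour described above (one client holding many sockets open with requests that never finish) can be checked from a snapshot of a server's open connections. This is an added example, not Astaro's IPS rule and not code from the original post; the record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

HEADER_END = b"\r\n\r\n"  # blank line that ends an HTTP/1.x request header block


@dataclass
class OpenConn:
    src: str          # client address
    opened_at: float  # time the socket was accepted, in seconds
    buffered: bytes   # request bytes received so far


def stalled_sources(conns, now, header_timeout=20.0, min_conns=5):
    """Map each client to the number of sockets it holds whose request headers
    are still unterminated header_timeout seconds after accept, keeping only
    clients with at least min_conns such sockets (both thresholds are assumed)."""
    counts = Counter(
        c.src for c in conns
        if HEADER_END not in c.buffered and now - c.opened_at >= header_timeout
    )
    return {src: n for src, n in counts.items() if n >= min_conns}


def slots_held(conns, now, max_workers, **kw):
    """Fraction of the server's worker slots tied up by flagged clients."""
    return sum(stalled_sources(conns, now, **kw).values()) / max_workers


# Constructed sample: open sockets at t=1000 on a server with 10 worker slots.
PARTIAL = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n"  # no final blank line
COMPLETE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = (
    [OpenConn("203.0.113.7", 900.0 + i, PARTIAL) for i in range(6)]  # many old partials
    + [OpenConn("198.51.100.20", 999.0, PARTIAL)]                    # still in flight
    + [OpenConn("198.51.100.21", 950.0, COMPLETE)] * 2               # normal requests
    + [OpenConn("192.0.2.9", 940.0, PARTIAL)]                        # one slow client
)

if __name__ == "__main__":
    print(stalled_sources(SAMPLE, now=1000.0))
    print(slots_held(SAMPLE, now=1000.0, max_workers=10))
```

Bandwidth never enters the check: the flagged client has sent only a few dozen bytes per socket, which is why volume-based alerts miss this pattern.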

One thought on “As Slowloris HTTP DoS Rises, Astaro is Ready”

  1. Is this protection provided on UTM devices or Web Application Firewall (WAF), and do you happen to know which models?
