Skip to content

As Slowloris HTTP DoS Rises, Astaro is Ready

Recently the Slowloris Denial of Service attack has jumped in popularity. This attack is similar to SYN flood, but uses HTTP instead, basically consuming sockets on the Web Server vs. trying to saturate all the bandwidth. This is an interesting attack, particularly because it does not require a lot of bandwidth by the attacker.

Recently the Slowloris Denial of Service attack has jumped in popularity. This attack is similar to SYN flood, but uses HTTP instead, basically consuming sockets on the Web Server vs. trying to saturate all the bandwidth. This is an interesting attack, particularly because it does not require a lot of bandwidth by the attacker.

Indeed it is possible to DoS even large sites simply using a common residential Internet connection, and using Slowloris to eat-up the Web Server’s ability to respond to other HTTP requests, by sending partial ones itself and thus holding the sockets open.

You can read more about this DoS technique here. While the approach is not new, the working implementation of it "for the masses" is starting to appear more commonly. As we have already received dozens of queries about how to stop this attack, we’d like to inform you that Astaro installations with current/updated Intrusion Protection Patterns will be protected against this, so neither admins or their Web Servers need to fear. The ID for this new rule is #1000023, and is located in the HTTP Servers Group under the Apache category.

If your ASG installation is showing pattern revision 9857 or better, you are protected.

1 Comment

Is this protection provide on UTM devices or Web Application Firewall(WAF) and do you happen to know which models?

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!