-3

How to protect from slowloris ?

I have installed mod_antiloris and mod_qos and acunetix still warn about slowloris. mod_antiloris and mod_qos are loaded

Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_qos/10.21 mod_antiloris/0.4 

    `Loaded Modules:

 antiloris_module (shared)
 qos_module (shared)`
HTTP500
  • 4,833
  • 4
  • 23
  • 31
Luka Tce
  • 37
  • 1
  • 2
  • 7
  • please be specific in what is the problem and provide proper details – Farhan Sep 27 '13 at 14:44
  • Problem is acunetix still warn me about slowloris even mod_antiloris and mod_qos are running. How to fix it ? – Luka Tce Sep 27 '13 at 16:51
  • 1
    Don't always trust pen-testing tools. Personally, I would attack my own server to test and see if it is working. It probably is working just Acunetix is outdated or just not working – Jason Sep 27 '13 at 16:59
  • Acunetix is updated to latest version 8.0 2013 06 26 Trying also to use AcuSensor but can't get it working What filepath i put for file location ./filename if is in root of domain So best is i use .pl file of slowloris ? to test it ? php_value auto_prepend_file ‘[path to acu_phpaspect.php file]’. – Luka Tce Sep 27 '13 at 17:30

1 Answers1

0

I've had success with the mod_reqtimeout module to mitigate that Acuentix flag.

e.g.

Load the module:

LoadModule reqtimeout_module modules/mod_reqtimeout.so

Specify for your VirtualHost:

<IfModule reqtimeout_module>
RequestReadTimeout header=10-20,MinRate=500 body=10,MinRate=500
</IfModule>

Cheers

HTTP500
  • 4,833
  • 4
  • 23
  • 31