To mitigate against slow post attacks, I set the following in my apache.
RequestReadTimeout header=5-20,MinRate=500 body=10-60,MinRate=500
The problem with this is when users are uploading files on a slow connection, their connection gets dropped.
Is there a way to accommodate slow uploads while also protecting against slow post attacks?
You can use mod_qos and its QS_SrvMaxConnPerIP to limit how many connections can be made by a given IP address. That can prevent it as long as the attacker isn't using too many different IP addresses. If you have MaxClients of 150 and QS_SrvMaxConnPerIP of 45, they could attack from 3 different IPs and you'd have 15 connections available (150 - (45*3) = 135. Be careful not to set this too low in case you have multiple people from the same office accessing the site since each single browser uses multiple connections at once when loading a webpage.
