How is everyone else handling things like slowloris? I would assume it be more of an http request timeout to handle the incomplete HTTP requests but I am having a problem deciphering which setting, if any, would mitigate the attack.
Instead of trying several settings related to connection timeouts I thought you may know the easy answer.
Vulnerability scan show slowloris vulnerability
-
- Posts: 6
- Joined: Fri Jul 21, 2017 3:29 pm
-
- Posts: 6
- Joined: Fri Jul 21, 2017 3:29 pm
-
- Posts: 6
- Joined: Fri Jul 21, 2017 3:29 pm
Re: Vulnerability scan show slowloris vulnerability
Some settings I was planning on playing with.
uint MaxConnectionsPerIP
uint MaxUnestablishedConnections
uint max_sessions
uint max_sessions_client
uint MaxConnectionsPerIP
uint MaxUnestablishedConnections
uint max_sessions
uint max_sessions_client
-
- Posts: 6
- Joined: Fri Jul 21, 2017 3:29 pm
Re: Vulnerability scan show slowloris vulnerability
155 views and no ideas?
-
- Site Admin
- Posts: 2070
- Joined: Sat Mar 09, 2013 5:37 am
Re: Vulnerability scan show slowloris vulnerability
MaxConnectionsPerIP doesn't work?