New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
mod_antiloris
IMO a quick fix would be nginx :P
but in all seriousness as IceCream said, mod_antiloris apache module will do the job
Install mod_security, default rules are effective against it.
Alright thanks, ill try it.
Well, you could also use Nginx as a reverse proxy infront of Apache to fight Slowloris.
You look butthurt.
Mark would you use Nginx with Apache in a reverse proxy setup? That would not only defeat slowloris but would also lower resource usage of your Apache server.
Im not sure yet, ill first try the previous suggestions - if that wont work i have to give it a shot.
Keep it up kid, your rage is delicious.
Nginx buddy.
You can put nginx infront and just proxy everything to Apache.
Btw Apache doesn't fix it because it is abusing a routine to help speed up connections.
Well no, not really. It has to do with the fundamental model (threading) that Apache is designed around - Slowloris just tries to keep all 'workers' (threads) occupied by drip-feeding them data, very very slowly. Daemons like nginx don't have this problem because they're event-based, thus incoming data starvation doesn't have any effect - it'll just switch to handling something else in the meantime.
isn't slowloris just trying to fill up the max apache connections limit?
Welcome back. go on. you're definitly getting somewhere.
Correct, and thus why my point that it was abusing a routine. If I remember correctly slowlorris maxes out Keep Alive as well to get this effect? Maybe I am mistaking it with another attack program?
dont you have anything better to do? im actually relaxing after a day hard work. what did you do all day? registering fake accounts at LET and messaging bullshit? its pretty sad. i wonder how long you will continue until you realize that it is useless just like you are. feel free to continue though - go waste as much of your lifetime as possible.
Keep-Alive abuse is a different attack - commonly known as Keep-Dead. As far as I know, Slowloris doesn't use it (and it doesn't have to - the single requests it makes, never finish anyway).
That is correct, but it does it specifically through never-ending requests. See my earlier comment. That is what makes it so low-bandwidth.
...
In any case it is easily mitigated by installing nginx infront and using it with proxy pass.
Yeah, it looks like i have to widen my horizon and see what nginx is all about. so many people recommend it, that must have a reason.
You aren't getting rid of apache, you are just sitting nginx infront of it and allowing nginx to handle the rougher outer world. Apache just sits in the back accepting the more cleaned up versions.
I have actually seen improvement benefits using both in combination then either as a single entity.
alright, ill get onto this later this evening. i thank all of you who gave me suggestions - i will make good use of it and get everything setup the right way. if shit hits the van i will definitly get back to this thread!
I suggest for the time being you get another VM.
apt-get install nginx
edit a file in /etc/nginx/site-available/sitename.com
server { listen 80; listen [::]:80; listen 443 ssl spdy; listen [::]:443 ssl spdy; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; server_name sitename.com ; try_files $uri; index index.php index.htm index.html; access_log /logs/path; error_log /logs/path; location ~^ / { proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header CF-Connecting-IP $remote_addr; proxy_set_header Host $host; proxy_pass https://ip:port; } }The above should work though I haven't tested it. It is sorta pulled out of my current config, though mine is a little different.
Shouldn't even really need a separate VM. Just make Apache listen on localhost:8000 or something instead of 80, and have nginx sitting on 80/443, proxying to localhost:8000.