Slow HTTP DoS Attack

Posted: Mon Dec 07, 2015 11:08 am
by Nanook
Yesterday we were hit with a type of denial of service attack called a slow HTTP DoS attack. Basically, the attacker starts a request but does not finish sending the header, causing that connection to hang indefinitely. The process is repeated until all the worker slots are full, waiting for the requesting end to finish sending the request header. At this point the web server is no longer able to service legitimate requests.

I installed a module called mod_qos that mitigated the attack, but it was buggy and wedged the server this morning. It has been uninstalled and replaced with mod_reqtimeout, which allows timeouts to be set on header and body requests.
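
Added example, not part of the original post: a small detector for the condition described above, where worker slots fill up with connections that never finish sending their request header. It assumes Apache's mod_status is enabled and reads its machine-readable `?auto` output; the sample status text and the `reading_ratio` and `min_idle` thresholds are constructed for illustration.

```python
"""Flag slow-header worker exhaustion from Apache mod_status `?auto` output."""

# Constructed sample (not captured from a real server): 28 workers stuck
# reading a request, 1 sending a reply, 1 in keepalive, 2 idle, 8 open slots.
SAMPLE_STATUS = (
    "Total Accesses: 18452\n"
    "BusyWorkers: 30\n"
    "IdleWorkers: 2\n"
    "Scoreboard: " + "R" * 28 + "WK__" + "." * 8 + "\n"
)

# Scoreboard characters as documented by mod_status.
READING_REQUEST = "R"  # worker is still reading the request line/headers
IDLE = "_"             # worker is waiting for a connection
OPEN_SLOT = "."        # slot with no current process, so not usable capacity


def parse_scoreboard(status_text):
    """Return the scoreboard string from ?auto output, or raise ValueError."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Scoreboard":
            return value.strip()
    raise ValueError("no Scoreboard line; is mod_status enabled?")


def assess(status_text, reading_ratio=0.7, min_idle=3):
    """Summarise worker states and flag likely slow-header exhaustion.

    reading_ratio and min_idle are hypothetical thresholds; tune them
    against the server's normal traffic before alerting on them.
    """
    board = parse_scoreboard(status_text)
    slots = [c for c in board if c != OPEN_SLOT]
    if not slots:
        raise ValueError("scoreboard has no active worker slots")
    reading = slots.count(READING_REQUEST)
    idle = slots.count(IDLE)
    ratio = reading / len(slots)
    return {
        "workers": len(slots),
        "reading": reading,
        "idle": idle,
        "reading_ratio": ratio,
        # Most workers parked in "R" with almost none idle matches the
        # symptom in the post: slots held open by unfinished headers.
        "suspect": ratio >= reading_ratio and idle < min_idle,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_STATUS))
```

A healthy server normally shows only a few `R` workers at any instant, so a sustained high ratio is the signal; a single sample can be noisy.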