
Mailing List Archive: Apache: Dev

LimitRequestRate configuration directive?

 

 



bojan at rexursive

Jul 4, 2009, 5:20 PM


Just wondering if it would be useful to have a LimitRequestRate
configuration directive, which would then mitigate against Slowloris and
friends?

For instance, if Timeout is 5 seconds, Slowloris will push 8 bytes
through the pipe every 5 seconds (X-a: b\r\n), giving it the rate of 1.6
bytes per second. Quite obviously, this kind of input rate is not
something today's machines and networks are experiencing on a regular
basis, so requiring say 100 bytes per second or more in this scenario
would help against this kind of attack. In combination with other Limit
directives, the attacker would hit disconnect much faster, hopefully
giving legitimate clients more chance to get a thread/process.

Disclaimer: not a security expert by any stretch of imagination.
Bullshit filter advised :-)

--
Bojan
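
The minimum-rate check proposed in the post, sketched as an added example that is not part of the original message and not Apache httpd code. The `rate_guard` structure, the function names, the grace period and the once-per-second check are assumptions made for illustration; the 8-bytes-every-5-seconds client and the 100 bytes per second minimum are the post's figures.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-connection state; these are not Apache httpd APIs. */
typedef struct {
    double min_rate; /* required bytes per second, e.g. 100 */
    int    grace;    /* seconds before the rate is judged (assumption) */
    size_t bytes;    /* request bytes received so far */
} rate_guard;

/* Returns 1 if, `elapsed` seconds into the read, the average input
 * rate is below the configured minimum. */
int rate_guard_too_slow(const rate_guard *g, int elapsed)
{
    if (elapsed < g->grace || elapsed == 0)
        return 0;
    return (double)g->bytes / elapsed < g->min_rate;
}

/* Constructed simulation: the client sends `chunk` bytes at t=0 and then
 * every `interval` seconds; the server checks once per second for an hour.
 * Returns the second at which the client is dropped, or -1 if it finishes
 * its `total` bytes or is never dropped. */
int simulate_drop_time(double min_rate, int grace, size_t chunk,
                       int interval, size_t total)
{
    rate_guard g = { min_rate, grace, 0 };
    for (int t = 0; t <= 3600; t++) {
        if (t % interval == 0)
            g.bytes += chunk;
        if (g.bytes >= total)
            return -1;
        if (rate_guard_too_slow(&g, t))
            return t;
    }
    return -1;
}

int main(void)
{
    /* The post's figures: 8 bytes every 5 s against a 100 B/s minimum. */
    printf("slow client dropped at t=%d s\n",
           simulate_drop_time(100.0, 2, 8, 5, 1000000));
    /* A client delivering a 600-byte request at 150 B/s is not dropped. */
    printf("normal client: %d\n", simulate_drop_time(100.0, 2, 150, 1, 600));
    return 0;
}
```

With a minimum set below 1.6 bytes per second, the same slow client is never dropped, because its average rate approaches 1.6 from above.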
