Slowloris

Slowloris is a script which opens TCP connections and sends HTTP headers very slowly to force web servers to keep connections opened.
The purpose of Slowloris is to take all of the resources from one server for him, preventing any regular browser from using the service.
It is a Layer 7 Denial of Service (DoS) attack.

HAProxy Configuration

When using HAProxy, it’s easy to protect your web platform from such attacks.
The HAProxy configuration below shows how to shield your site from this attack.

defaults
	mode http
	maxconn 19500        # Should be slightly smaller than global.maxconn.
	timeout client 60s   # Client and server timeout must match the longest
	timeout server 60s   # time we may wait for a response from the server.
	timeout queue  60s   # Don't queue requests too long if saturated.
	timeout connect 4s   # There's no reason to change this one.
	timeout http-request 5s	# A complete request may never take that long.
	# Uncomment the following one to protect against nkiller2. But warning!
	# some slow clients might sometimes receive truncated data if last
	# segment is lost and never retransmitted :
	# option nolinger
	option httpclose
	option abortonclose
	balance roundrobin
	option forwardfor    # set the client's IP in X-Forwarded-For.
	retries 2

frontend public
	bind :80 # or any other IP:port combination we listen to.
	default_backend apache

backend apache
	# set the maxconn parameter below to match Apache's MaxClients minus
	# one or two connections so that you can still directly connect to it.
	server srv 192.168.1.1:80 maxconn 248

Related articles

Links

SHARE THIS ARTICLE