Slowloris is a script which opens TCP connections and sends HTTP headers very slowly to force web servers to keep connections opened.
The purpose of Slowloris is to take all of the resources from one server for him, preventing any regular browser from using the service.
It is a Layer 7 Denial of Service (DoS) attack.
When using HAProxy, it’s easy to protect your web platform from such attacks.
The HAProxy configuration below shows how to shield your site from this attack.
defaults mode http maxconn 19500 # Should be slightly smaller than global.maxconn. timeout client 60s # Client and server timeout must match the longest timeout server 60s # time we may wait for a response from the server. timeout queue 60s # Don't queue requests too long if saturated. timeout connect 4s # There's no reason to change this one. timeout http-request 5s # A complete request may never take that long. # Uncomment the following one to protect against nkiller2. But warning! # some slow clients might sometimes receive truncated data if last # segment is lost and never retransmitted : # option nolinger option httpclose option abortonclose balance roundrobin option forwardfor # set the client's IP in X-Forwarded-For. retries 2 frontend public bind :80 # or any other IP:port combination we listen to. default_backend apache backend apache # set the maxconn parameter below to match Apache's MaxClients minus # one or two connections so that you can still directly connect to it. server srv 192.168.1.1:80 maxconn 248