Protect your web server against slowloris


Slowloris is a script which opens TCP connections and send HTTP headers very slowly to force webservers to keep connections opened.
Slowloris purpose is to take all resources from one server for him, preventing any regular browser from using the service.
It is a layer 7 DOS.


When using an Aloha, it’s easy to protect your web platform from such attacks by using HAProxy.
The configuration below shows how turn Aloha load balancer as a shield for your website.

	mode http
	maxconn 19500        # Should be slightly smaller than global.maxconn.
	timeout client 60s   # Client and server timeout must match the longest
	timeout server 60s   # time we may wait for a response from the server.
	timeout queue  60s   # Don't queue requests too long if saturated.
	timeout connect 4s   # There's no reason to change this one.
	timeout http-request 5s	# A complete request may never take that long.
	# Uncomment the following one to protect against nkiller2. But warning!
	# some slow clients might sometimes receive truncated data if last
	# segment is lost and never retransmitted :
	# option nolinger
	option httpclose
	option abortonclose
	balance roundrobin
	option forwardfor    # set the client's IP in X-Forwarded-For.
	retries 2

frontend public
	bind :80 # or any other IP:port combination we listen to.
	default_backend apache

backend apache
	# set the maxconn parameter below to match Apache's MaxClients minus
	# one or two connections so that you can still directly connect to it.
	server srv maxconn 248

Related articles