Prevent SlowLoris attack with ModSecurity (Apache)

Asked Oct 31 '21 at 22:13

Active Nov 02 '21 at 16:17

Viewed 298 times

I'm unable to stop a SlowLoris attack using ModSecurity in my apache (2.4) server from a computer that is in the same network.

I'm on Debian 11.

I add this to the /etc/modsecurity/modsecurity.conf :

SecConnReadStateLimit 5

And set this to On: SecRuleEngine On

I'm using this to execute the attack: slowhttptest -H -c 1000 -i 1 -r 200 -x 24 -p 5 -t GET -u http://10.11.48.76:80

And yes I do: systemctl restart apache2

edited Oct 31 '21 at 22:40

asked Oct 31 '21 at 22:13

Rodrigo Diaz

https://en.wikipedia.org/wiki/Slowloris_(computer_security) , https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html – A.B Nov 01 '21 at 00:05

0 Answers0