


A Slowloris or Slow HTTP DoS attack is a type of denial of service that can affect thread-based web servers such as Apache. This means that your Apache web servers for Faspex or Console are vulnerable to this attack (applications based on nginx such as Shares are safe). The attack exploits the fact that Apache waits for complete HTTP headers to be received before closing an HTTP connection. This means that an attacker can send multiple incomplete GET requests and keep the connections open in order to block other users from getting their requests processed by the server.

Apache does have a default timeout of 300 seconds, after which it stops waiting for incomplete HTTP headers and closes the connection, but since the timeout is reset once the client sends more data, an attacker can just continue to send garbage data and keep the connection open. In order to prevent this kind of attack you can use Apache's reqtimeout module to configure the timeout process for HTTP requests.

As of Common 1.1.25 for Faspex and Common 1.2.20 for Console the reqtimeout module is included by default. If you have an earlier version of Common we encourage you to upgrade for added security benefits. If you prefer not to upgrade you will need to add the reqtimeout module yourself.

You can check your version of Common by running the following command:

Look for a file named reqtimeout at the following location and open it in a text editor:

Linux: /opt/aspera/common/apache/custom/nf.
Windows: C:\Program Files (x86)\Common Files\Aspera\Common\apache\custom\nf.

This is a configuration file that will be preserved after any upgrades since it is in the custom folder.
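The following fragment is an added example, not taken from the original article or from Aspera's shipped configuration. It shows the kind of mod_reqtimeout settings that address the timer-reset behaviour described above. The module path and the timeout values are assumptions chosen for illustration.

```apache
# Added example: module path and timeout values are assumptions,
# not Aspera's shipped settings. Adjust them to your installation.

# Load mod_reqtimeout only if the bundled Apache has not loaded it already.
<IfModule !reqtimeout_module>
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
</IfModule>

<IfModule reqtimeout_module>
    # header=20-40,MinRate=500
    #   The client gets 20 seconds to send the complete request headers.
    #   Each 500 bytes received extends that limit by 1 second, but never
    #   beyond 40 seconds. Trickling a few bytes of garbage no longer
    #   resets the clock, so a stalled connection is closed and its
    #   worker is freed for other users.
    #
    # body=20,MinRate=500
    #   The same rule for the request body, with no upper bound, so a
    #   legitimate large upload continues as long as it sustains at
    #   least 500 bytes per second.
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

    # Weak setting, shown for contrast only. A value of 0 means no limit,
    # which leaves just the general 300-second timeout that is reset on
    # every received byte:
    # RequestReadTimeout header=0 body=0
</IfModule>
```

After editing, validate the syntax with `apachectl configtest` (or `httpd -t`) using the Apache binary bundled with your installation, then restart Apache so the directive takes effect.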
