ad_728x90

參觀我的【 伊生活小舖】

2014年9月4日 星期四

防護Apache受攻擊(Slowloris)..._Protect Apache Against Slowloris Attack ! 

Slowloris allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. The tools used to launch Slowloris attack can be downloaded at http://ha.ckers.org/slowloris/
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.
Following web server has been tested and NOT affected by this kind of attack:
  • IIS6.0
  • IIS7.0
  • lighttpd
  • Squid
  • nginx
  • Cherokee
  • Netscaler
  • Cisco CSS



Since Apache is vulnerable to this attack, we should do some prevention. We need to install one Apache module called mod_antiloris. The module limits the number of threads in READ state on a per IP basis and protecting Apache against the Slowloris attack. Installation instruction as below:
1. Download the installer and install from Sourceforge.net:
$ cd /usr/local/src
$ wget http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download
$ tar -xvjf mod_antiloris-0.4.tar.bz2
$ cd mod_antiloris-*
$ apxs -a -i -c mod_antiloris.c
2. Restart Apache:
$ service httpd restart
3. Check whether mod_antiloris is loaded:
$ httpd -M | grep antiloris
   antiloris_module (shared)
or you can check using httpd fullstatus command:
$ service httpd fullstatus | grep antiloris
   mod_antiloris/0.4
For cPanel servers, don’t forget to run following command to make sure the new modifications be checked into the configuration system by running:
$ /usr/local/cpanel/bin/apache_conf_distiller --update
We have protect our web server from Slowloris attack. Try by launch the Slowloris attack to your web server and check the Apache status page to see whether it affected or not. Cheers!

引言處: http://blog.secaserver.com/2011/08/protect-apache-slowloris-attack/

COMMENTS HAVE BEEN DISABLED FOR THIS POST [文章的評論已被禁用]

Ratings and Recommendations by outbrain