tag:blogger.com,1999:blog-18341144.post7700404789952243762..comments2024-03-23T06:16:41.965-04:00Comments on Thoughts of a Technocrat: Testing Web Servers for Slow HTTP AttacksTechnocrathttp://www.blogger.com/profile/05399633416913275459noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-18341144.post-66648207307096367312011-09-28T19:11:27.391-04:002011-09-28T19:11:27.391-04:00Some of these attacks are due to flaws on the HTTP...Some of these attacks are due to flaws on the HTTP server itself. For example look up the "Slowloris" which picks on the fact that Apache is a threaded server application.<br /><br />The vulnerability is impossible to prevent by editing configuration files, as it's a flaw with Apache itself. (However, by using Apache plugins there are methods to try and mitigate these types of attack, for example "mod_qos")<br /><br />Other web server applications such as Nginx and Lighttpd are not "threaded" servers, they are asynchronous servers, so they can withstand the main flaws that Apache has.Ben Poulsonhttps://www.blogger.com/profile/02403886984352825050noreply@blogger.com