[Owasp-modsecurity-core-rule-set] Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

christian.folini at post.ch christian.folini at post.ch
Wed Nov 24 02:17:26 EST 2010

Hi Ryan,

Nice post. Thanks. Especially the combination of mod_reqtimeout and ModS
is very elegant in my eyes.

I am not so happy with SecReadStateLimit looking only at the IP address. 
How do protect proxies from your countermeasures? A proxy might share multiple 
hundred legitimate connections with your server for multiple hundred legitimate 
clients, all appearing to come from the same IP address.



-----Ursprüngliche Nachricht-----
Von: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] Im Auftrag von Ryan Barnett
Gesendet: Mittwoch, 24. November 2010 02:45
An: mod-security-users at lists.sourceforge.net; owasp-modsecurity-core-rule-set at lists.owasp.org
Betreff: [Owasp-modsecurity-core-rule-set] Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

This week's blog post -


Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs

Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org

More information about the Owasp-modsecurity-core-rule-set mailing list