[Owasp-modsecurity-core-rule-set] Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

christian.folini at post.ch christian.folini at post.ch
Wed Nov 24 02:17:26 EST 2010


Hi Ryan,

Nice post. Thanks. Especially the combination of mod_reqtimeout and ModS
is very elegant in my eyes.

I am not so happy with SecReadStateLimit looking only at the IP address. 
How do protect proxies from your countermeasures? A proxy might share multiple 
hundred legitimate connections with your server for multiple hundred legitimate 
clients, all appearing to come from the same IP address.

Regs,

Christian


-----Ursprüngliche Nachricht-----
Von: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] Im Auftrag von Ryan Barnett
Gesendet: Mittwoch, 24. November 2010 02:45
An: mod-security-users at lists.sourceforge.net; owasp-modsecurity-core-rule-set at lists.owasp.org
Betreff: [Owasp-modsecurity-core-rule-set] Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

This week's blog post -

http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set


More information about the Owasp-modsecurity-core-rule-set mailing list