Slowloris is a script which opens TCP connections and sends HTTP headers very slowly to force web servers to keep connections opened. The purpose of Slowloris is to take all of the resources from one server for him, preventing any regular browser from using the service. It is a Layer 7 Denial of Service (DoS) attack.
HAProxy Configuration
When using HAProxy, protecting your web platform from such attacks is easy. The HAProxy configuration below shows how to shield your site from this attack.
defaults
mode http
maxconn 19500 # Should be slightly smaller than global.maxconn.
timeout client 60s # Client and server timeout must match the longest
timeout server 60s # time we may wait for a response from the server.
timeout queue 60s # Don't queue requests too long if saturated.
timeout connect 4s # There's no reason to change this one.
timeout http-request 5s # A complete request may never take that long.
# Uncomment the following one to protect against nkiller2. But warning!
# some slow clients might sometimes receive truncated data if last
# segment is lost and never retransmitted :
# option nolinger
option httpclose
option abortonclose
balance roundrobin
option forwardfor # set the client's IP in X-Forwarded-For.
retries 2
frontend public
bind :80 # or any other IP:port combination we listen to.
default_backend apache
backend apache
# set the maxconn parameter below to match Apache's MaxClients minus
# one or two connections so that you can still directly connect to it.
server srv 192.168.1.1:80 maxconn 248Related articles
