-
I am using Criollio as HTTP Server on iOS with a POST endpoint that accepts large image files encoded as string in JSON body of request. This works for the most part, but I have encountered failing re…
-
Right now each worker does a read on the socket to get the HTTP request, parses the request, and then builds a response to send back.
Building the response is very CPU intensive so we don't want to…
-
I was surprised to see `is_complete` operates on a character at a time, why not this:
```
char const*
find_eom(char const* p, char const* last)
{
for(;;)
{
if(p + 4 > last)
…
-
* **Version**: all
* **Platform**: all
* **Subsystem**: security
This is not an issue as such, but opened to provide some insights on the vulnerability, ratify any questions, clarifications on t…
-
-
Hello,
I try to protect apache server before Slow HTTP Headers attack using SecConnReadStateLimit and SecReadStateLimit but this directives doesn't work with Apache 2.4.x.
I've tested few version o…
-
(0.9.5) I've been using Caddy as a reverse proxy to provide tls, logging, and gzip to back-end services. I was seeing seemingly random file upload failures with code 502 and an error message `client d…
-
In an application I am currently debugging a response handler catches all exceptions via
```haskell
`catch` \(e :: SomeException) ->
```
and then logs the expection and continues to do it's w…
-
There is an ongoing lack of Tor network support for this package.
Use of the Tor net needs to be a viable second option, and improve the product's flexibility as a test tool.
-
Hi,
I am installed slowhttptest,
In link:
https://blog.qualys.com/securitylabs/2011/08/25/new-open-source-tool-for-slow-http-attack-vulnerabilities
says slowloris has lost of generated headers, ea…