-
Our service is incredibly vulnerable to slowloris-style attacks:
- Acquire 3 queue tickets
- Wait until it's your turn
- Start sending a binary frame
- Just stop and don't send anything while still re…
-
This is the output from mosquitto:
```
1362064669: New connection from 127.0.0.1.
1362064669: Socket read error on client (null), disconnecting.
```
-
I have a yesod web app that I'm able to fairly reliably, through a particular pattern of activity, cause to seem to freeze. I.e., I click on a link in the web browser and it spins, forever. Once this ha…
joeyh updated
10 years ago
-
A common issue is dealing with huge uploads and other long-running requests, as demonstrated by slowloris DoS attacks. In some cases, the DoS attack could be someone posting /dev/urandom to an HTTP s…
jammi updated
10 years ago
-
InitializeCriticalSection can throw an exception on out of memory conditions.
Its use should be replaced by InitializeCriticalSectionAndSpinCount so the error can be caught and reported.
The uses a…
-
MODSEC-186: We are going to test a new option "SecReadStateLimit" to control the number of connections in Busy state. It will help to mitigate the slowloris attack.
-
When an app is deployed with dokku, the docker container's private app port is exposed to a public port (http://docs.docker.io/en/latest/use/basics/#expose-a-service-on-a-tcp-port). This enables the a…
-
Hi,
I'm deploying uwsgi for an internet-exposed server, and I am wondering whether uwsgi in http mode really needs a frontend webserver (like nginx) or whether it's considered secure enough.
Thanks
-
The built-in web server is VERY vulnerable to slowloris attacks. You need to add a filter for people that don't send/ask for a larger packet.
-
Are you aware that there is a DoS attack against Apache, predating your project, that is also named SlowLoris? It is not mentioned in your FAQ, and I am curious. If you are too, just google 'slowloris…