Home/ Questions/Q 6701019
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T06:53:01+00:00

Does anybody know if there is a fix for Slow HTTP POST Vulnerabity for

  • 0

Does anybody know if there is a fix for Slow HTTP POST Vulnerabity for Apache?
http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html

Here is a tool to test the vulnerabilty:
http://code.google.com/p/slowhttptest/

And here is documentation for Apache Module mod_reqtimeout, which I believe might help:
http://httpd.apache.org/docs/2.3/mod/mod_reqtimeout.html

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use ModSecurity:

    For the purposes of identifying RUDY types of attacks, we can add the
    following directive to our Apache configs:

    RequestReadTimeout header=30, body=30

    This places a threshold of 30 seconds to completely receive the
    request body data. If the data is not received by that time, Apache
    will issue a 408 Request-Timeout status code. With this directive in
    place, we then add in some new ModSecurity rules that do the
    following:

    • 0