Lead Image © Russell Shively, 123RF.com
Denial of service defense
Putting On the Brakes
The Hypertext Transfer Protocol (HTTP) forms the foundation for communication between web browsers and web servers. Slowloris [1] initially follows the usual procedure of an HTTP connection, but then disrupts processing of the request by sending an incomplete HTTP request at a very slow speed, as follows: (1) Slowloris uses TCP to open a client connection to the target server; (2) instead of sending a full HTTP request directly to the server, Slowloris begins a request and then continuously, but very slowly, adds headers without ever completing the request; (3) the server fields all of the header data and waits for the request to complete, keeping the connection alive; and finally, (4) because the server can only process a limited number of simultaneous connections, a large number of slow connections render the server unable to accept connections from other clients.
Immune Out of the Box
Not all modern web servers are susceptible to Slowloris attacks. The default configuration of today's most commonly used web server, NGINX, is basically immune, not just because of the settings, but because of the server architecture. NGINX uses an event-oriented asynchronous architecture that, above all, does not maintain a thread to handle each open connection and only needs a minimal amount of memory for each connection.
The client_header_timeout and client_body_timeout configuration options let you tell NGINX the intervals at which a client needs to send data when opening a connection. If the client fails to keep pace, NGINX responds with a timeout error with HTTP error code 408. However, this also means that you could make the NGINX server even more vulnerable if you configure it incorrectly.
The best-known web server besides Microsoft's Internet Information Server (IIS; which is rarely used and has a market share
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Can Your Server Be Toppled with a Single Command?
The common Apache benchmarking tool known as ab can carry off a highly effective DoS attack if you're not prepared for it.
-
Distributed denial of service attacks from and against the cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, allowing attackers to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it. -
Denial of Service in the Cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, which allows them to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it.
-
Harden your Apache web server
Cyberattacks don't stop at the time-honored Apache HTTP server, but a smart configuration, timely updates, and carefully considered security strategies can keep it from going under. -
Building a defense against DDoS attacks
Targeted attacks such as distributed denial of service, with thousands of computers attacking your servers until one of them caves in, cannot be prevented, but they can be effectively mitigated.