[Bug 392759] Re: apache2 DoS attack using slowloris
Jonathan Marsden
jmarsden at fastmail.fm
Mon Sep 21 07:04:31 BST 2009
Apparently apache2-mpm-worker *is* the default choice of mpm, at least
some of the time (though the machine I first checked on had apache-mpm-
prefork, I am unsure why). My mistake, it would appear.
Using apache2-mpm-prefork would appear to be a viable workaround, unless
it leads to performance issues on a heavily loaded server.
So this comes down to whether slowloris is "a serious remote denial of
service" (since it does not cause local root privilege escalation or
data loss, as far as I know).
Dekar: What makes you believe slowloris is a "serious remote denial of
service"? Is it currently in widespread use? I have no idea what the
criteria for "serious" might be!
In some ways, this bug is at its heart a request to package mod-
antiloris. There appears to already be a libapache2-mod-antiloris
package in Debian unstable and Debian testing; perhaps it can be synced
into Ubuntu?
--
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list