Slow HTTP denial of Service Attack

Rectification Suggestions

1. Interrupts using URLs that do not support HTTP method access

2. Limit HTTP headers and packet length to a reasonable value

3. Set an absolute session timeout time

4. The server supports the backlog case, needs to set a reasonable size

5. Set a minimum inbound data rate

Penetration Status:

Security Scan + Manual test.

The principle of vulnerability:

Scan Discovery Web

The server or application server has a slow HTTP denial of Service attack vulnerability.

Vulnerability Hazard:

When a malicious attacker initiates an HTTP request at a low rate, allowing the service side to remain connected for a long time, making the service side vulnerable to all available connections, resulting in a denial of service

-----------------------------------------------------------------------

Try to resolve:

1.Just in Case:for a plain Tomcat the corresponding solution are to add:

org.apache.tomcat.util.http.parameters.max_count=10000

In Catalina.properties

2. maxhttpheadersize= "8192" set limit HTTP headers and packet length

maxthreads= "minsparethreads=" maxsparethreads= "75"
Enablelookups= "false" redirectport= "8443" disableuploadtimeout= "true"/>

3 [Room recommendations] The Tomcat profile Server.xml the following settings (note the appropriate port, restart the service): ${tomcat-home}/conf/server.xml To change the implementation of connector, using NIO (non-blocking io) Implementation replaces the default bio (blocking IO) implementation to increase the number of concurrent connections, as follows:
<connector port= "8080" protocol= "http/1.1"
connectiontimeout= "20000"
redirectport= "8443"/>
To
<connector port= "8080" protocol= "Org.apache.coyote.http11.Http11NioProtocol"
connectiontimeout= "8000"
redirectport= "8443"/>
Change the ConnectionTimeout configuration entry value to around 8000 (8 seconds) 4 Stackflow recommends using Apache to block with Apahce + tomcat.