Talk:Slowloris (computer security)

From Wikipedia, the free encyclopedia
  (Redirected from Talk:Slowloris)
Jump to: navigation, search

Which software is unaffected?[edit]

The section "Mitigating the Slowloris attack" claims that some HTTP server software is unaffected yet doesn't list any. But as I understand the HTTP spec (RFC 2616), any server that responds in an HTTP-conforming way to a connection initiated by a slow modem (e.g. V.32bis at 14.4 kbps) is affected unless it drops the connection after the client sends too many request headers. What software is not affected and why not? --Damian Yerrick (talk | stalk) 17:27, 9 September 2010 (UTC)

The attack is more pronounced on Apache due to the fact that Apache has a MaxClients setting which imposes a restriction on the number of simultaneous connections the web server will allow. SlowLoris uses slow connections to exploit this limitation, but that isn't the only way to do so.
Servers may still be vulnerable even if they don't implement a hard limit on the number of of connections, as less than optimum connection handling can lead to the depletion of CPU and RAM resources on the server. This is classically known as the C10k problem. Motoma (talk | stalk) 21:13, 18 November 2010 (UTC)

Lighttpd affected or not?[edit]

Lighttpd is listed in the "affected servers" list, but later given as an example of a server that does not have the problem, along with nginx. Which is it? — Preceding unsigned comment added by 149.135.19.243 (talk) 23:54, 28 April 2014 (UTC)

External links modified[edit]

Hello fellow Wikipedians,

I have just added archive links to 2 external links on Slowloris (computer security). Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Question? Archived sources still need to be checked

Cheers.—cyberbot IITalk to my owner:Online 11:58, 28 January 2016 (UTC)

External links modified[edit]

Hello fellow Wikipedians,

I have just added archive links to 2 external links on Slowloris (computer security). Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Question? Archived sources still need to be checked

Cheers.—cyberbot IITalk to my owner:Online 01:50, 10 February 2016 (UTC)