What is Slowloris? How to mitigate against Slowloris attacks?

Slowloris is a type of Denial of Service (DoS) attack that was first discovered in 2009. The attack is designed to overwhelm a targeted server by sending a large number of HTTP requests, but unlike other types of DoS attacks, Slowloris attacks are designed to be slow and gradual. Slowloris attacks are effective because they can be carried out using a single machine and do not require a large network of computers. In this article, we’ll explore how Slowloris attacks work and provide detailed instructions on how to mitigate against them.

How Slowloris Attacks Work

Slowloris attacks work by establishing partial connections with a targeted server and holding them open for as long as possible. By doing so, the attacker can exhaust the server’s resources and cause it to crash or become unresponsive. Slowloris attacks are effective because they do not require a large volume of traffic, and can be carried out with a single machine.

Mitigating Against Slowloris Attacks

There are several ways to mitigate against Slowloris attacks. Below, we’ll outline some of the most effective methods:

  1. Limit the number of connections allowed

By limiting the number of connections allowed on a server, you can help mitigate against Slowloris attacks. This will allow your server to handle more connections from genuine users, and prevent Slowloris attacks from overwhelming your server.

  1. Configure a timeout for connections

Configuring a timeout for connections is another effective way to mitigate against Slowloris attacks. By setting a timeout, you can ensure that partial connections are closed after a certain period, preventing attackers from holding connections open indefinitely.

  1. Install a web application firewall

Installing a web application firewall (WAF) can help prevent Slowloris attacks by filtering out suspicious traffic and blocking requests from known attackers. Many WAFs also come with pre-configured rules that can detect and block Slowloris attacks automatically.

  1. Implement rate limiting

Implementing rate limiting on your server can also help prevent Slowloris attacks. By setting a limit on the number of connections allowed from a single IP address, you can prevent attackers from overwhelming your server with a large number of connections.

  1. Keep your server software up to date

Keeping your server software up to date with the latest security patches and updates is crucial to prevent Slowloris attacks. Many Slowloris attacks target known vulnerabilities in server software, so keeping your software up to date can help mitigate against these attacks.

Conclusion

Slowloris attacks are a serious threat to servers and websites, but with the right mitigation strategies, you can help protect your server against these attacks. By increasing the number of connections allowed, configuring timeouts, installing a web application firewall, implementing rate limiting, and keeping your server software up to date, you can significantly reduce the risk of Slowloris attacks. It’s also important to regularly monitor your server for unusual activity and be prepared to respond quickly in the event of an attack.

Vivek
I am a CDN professional, having experience with various CDN platforms, including, and not limited to, Akamai, Bitgravity, Cloudfront, Cloudflare. Involved with performance analysis, troubleshooting and optimizing web applications' CDN and Security integrations.

Leave a Reply

Your email address will not be published. Required fields are marked *