i have just watched the following video The Slow Loris method of attack appears so simple in nature (65 lines of code and almost zero use of the hackers own bandwith during the attack) that one cannot help but laugh about it. But on a more serious note, it appears this type of attack is more of an issue with apache webservers because by design they open a new thread for each request. Apart from using an nginx webserver, has apache implemented a workaround for this kind of attack? For those of us running apache web servers, what do we do to combat it?
According to a reply in serverfault, it also affects nginx web server if its default configuration is not tuned up properly. Gloris can be used to test whether your server is properly configured to handle this attack.
In reading about slow loris type attacks using http...does this mean that ssl certificate websites with https are resilient against them? If so, can a webhost force all client websites to use only https to help protect against this type of attack through ispconfig control panel...ie disable http altogether?
No. It is a valid request but delayed in accepting response. You need to tune your webserver to overcome it even if it is using nginx. The reply I posted above have a tool for you to check your webserver capability in handling such a situation, if any.
