Monday, April 21, 2014

Using mod_reqtimeout to make HTTP Server less vulnerable for DOS Attack for CentOS

This steps are for CentOS 5 and 6

Step 1: Upgrade Apache HTTP to the latest version
# yum update httpd

Step 2: Edit the httpd.conf.
# vim /etc/httpd/conf/httpd.conf

Inside httpd.conf. Scroll all the way to LoadModule.......... section and add the line
LoadModule reqtimeout_module modules/

Step 3: Create a /etc/httpd/conf.d/reqtimeout.conf and put in the informationbelow
<ifmodule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500

Step 4: To check whether the apache module is loaded, do
# apachectl -M
apache2ctl -M

  1. Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

No comments: