For WebCenter implementations that are publicly accessible on the internet, it is important to prevent this type of attack by configuring the web server. If you are using Oracle HTTP Server (OHS), which is based on Apache technology, the mod_reqtimeout module will solve this issue, as it sets a timeout and a minimum data rate for incoming requests.
In the OHS configuration file (httpd.conf), the following lines would be added:
<IfModule reqtimeout_module>
    # Minimum time to receive the request header is 10 seconds, allowing an increase of 1 second for every 500 bytes received, with a maximum of 40 seconds.
    RequestReadTimeout header=10-40,minrate=500
    # Minimum time to receive the request body is 20 seconds, increasing 1 second for every 500 bytes received. Limit is set by LimitRequestBody.
    RequestReadTimeout body=20,minrate=500
</IfModule>
The changes are applied after OHS is restarted.
So, is that all? Not quite: those values should be adjusted according to the loading time of the Portal pages and the network performance of the users.
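To help with that tuning, here is an added example (not from the original post, and not Oracle or Apache code) that estimates whether a client sending at a steady rate would finish or be timed out under the two directives above. It is a simplified continuous model of mod_reqtimeout; the function names and the sample request sizes and rates are assumptions chosen for illustration.

```python
import re

# Directives as configured in the httpd.conf snippet above.
HEADER = "RequestReadTimeout header=10-40,minrate=500"
BODY = "RequestReadTimeout body=20,minrate=500"

def parse_stage(directive, stage):
    """Return (initial, maximum, minrate) for one stage; missing parts are None."""
    m = re.search(rf"\b{stage}=(\d+)(?:-(\d+))?(?:,minrate=(\d+))?", directive, re.I)
    if not m:
        raise ValueError(f"no {stage}= setting in {directive!r}")
    return tuple(int(g) if g else None for g in m.groups())

def cutoff_time(initial, maximum, minrate, client_rate):
    """Seconds until a client sending steadily at client_rate bytes/s is timed
    out, or None if the timeout never catches up with it (simplified model)."""
    if minrate is None:
        return float(initial)  # fixed timeout, never extended
    if client_rate >= minrate:
        # Deadline grows at least as fast as the clock; only the cap applies.
        return float(maximum) if maximum is not None else None
    # Deadline grows 1 s per minrate bytes: deadline(t) = initial + rate*t/minrate.
    # A slower client is cut off where deadline(t) == t.
    t = initial / (1 - client_rate / minrate)
    return min(t, maximum) if maximum is not None else t

def verdict(directive, stage, size_bytes, client_rate):
    """'ok' if size_bytes arrive before the cutoff, otherwise 'timeout'."""
    cutoff = cutoff_time(*parse_stage(directive, stage), client_rate)
    needed = size_bytes / client_rate if client_rate else float("inf")
    return "ok" if cutoff is None or needed < cutoff else "timeout"

if __name__ == "__main__":
    # Constructed sample clients: (label, directive, stage, bytes, bytes/second)
    cases = [
        ("trickling header", HEADER, "header", 800, 1),
        ("normal browser header", HEADER, "header", 800, 50_000),
        ("small form post, poor link", BODY, "body", 20_000, 400),
        ("larger upload, poor link", BODY, "body", 100_000, 400),
        ("large upload, mobile link", BODY, "body", 2_000_000, 20_000),
    ]
    for label, directive, stage, size, rate in cases:
        print(f"{label:28s} {verdict(directive, stage, size, rate)}")
```

The "larger upload, poor link" case is the one to watch when tuning: a legitimate user below the minimum rate is cut off just like a slow-request client, so minrate should sit below the slowest connection you intend to support.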
References
Slowloris Definition
Understanding OHS Modules
Apache Module mod_reqtimeout