The Community Forums


Slow HTTP Denial of Service Attack Warning

Discussion in 'Security' started by iceNick, Jan 26, 2016.

  1. iceNick

    iceNick Registered

    Hello,
    When scanning my website with Acunetix, I got the following security warning: Slow HTTP Denial of Service Attack.

    As suggested on lots of websites and forums, I changed Apache's Timeout from the default 300 seconds to less, several times to several different values.

    It looks like if Timeout is 10 seconds, it went well, but with any value more than this (like 15, 20, 25, 30 etc.), it always returns the same error - Slow HTTP Denial of Service Attack.

    Can you give me suggestions on how to fix this issue, because 10 seconds is not enough for normal website use?


    Thank you in advance!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    This sounds like an issue with that software scanner more than an issue with your cPanel.
    acunetix.com/blog/articles/response-time-affects-scans-performance/
    acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/
     
  3. quizknows

    quizknows Well-Known Member

    If you have ModSecurity you can limit the concurrent connections so that a single IP cannot cause Apache to use all of its available connections.

    Set the following in your modsec2.user.conf located at /usr/local/apache/conf/modsec2.user.conf

    Code:
    SecConnEngine On
    SecConnReadStateLimit 20
    SecConnWriteStateLimit 20
    
    Run "httpd configtest" before restarting Apache. If you get any errors then your ModSecurity version is outdated. Comment out those lines (place a # before them), and then you can run EasyApache, keeping your same version of Apache and PHP, to get ModSecurity updated. Once that is done, uncomment the lines and you should be good to go.
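
An added example (not part of the thread and not cPanel or ModSecurity code): a Python check that tallies, per client IP, the Apache workers in read (R) and write (W) state from extended-status rows and lists the clients above the limit of 20 used in the post above. The sample rows are constructed; the column layout and the "more than the limit" comparison are assumptions of this example.

```python
import ipaddress
from collections import Counter

# Constructed sample: worker rows in the style of Apache's extended status
# (mod_status). Column layout differs between versions, so the parser assumes
# only that field 4 is the worker mode and that one later field is the client IP.
SAMPLE = "\n".join(
    [f"{i}-0 41{i:02d} 0/1/9 R 0.00 {30 + i} 0 0.0 0.00 0.01 203.0.113.7 http/1.1"
     for i in range(25)]
    + [f"{i}-0 42{i:02d} 0/3/40 W 0.02 1 0 1.2 0.01 0.30 198.51.100.4 http/1.1 "
       "example.test:80 GET /index.php HTTP/1.1" for i in range(25, 28)]
    + ["28-0 4228 0/7/61 _ 0.05 4 12 0.0 0.02 0.44 198.51.100.9 http/1.1 "
       "example.test:80 GET / HTTP/1.1",
       "29-0 - 0/0/12 . 0.00 900 0 0.0 0.00 0.10 ::1 http/1.1"]
)


def client_ip(fields):
    """Return the first field that parses as an IPv4/IPv6 address, else None."""
    for field in fields:
        try:
            return str(ipaddress.ip_address(field))
        except ValueError:
            continue
    return None


def busy_by_client(status_text):
    """Count workers per client in R (reading request) and W (sending reply)."""
    counts = {"R": Counter(), "W": Counter()}
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[3] not in counts:
            continue  # idle, keepalive, open slots and non-table lines
        ip = client_ip(fields[4:])
        if ip:
            counts[fields[3]][ip] += 1
    return counts


def over_limit(counts, read_limit=20, write_limit=20):
    """List (ip, mode, workers) for clients above the per-IP limits from the post."""
    limits = {"R": read_limit, "W": write_limit}
    return sorted((ip, mode, n) for mode, per_ip in counts.items()
                  for ip, n in per_ip.items() if n > limits[mode])


if __name__ == "__main__":
    for ip, mode, n in over_limit(busy_by_client(SAMPLE)):
        print(f"{ip}: {n} workers in state {mode}")
```

Running it against the server's own worker table before enabling the limits shows which legitimate clients, such as proxies or monitoring hosts, would be affected by a value of 20.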
     