haproxy to protect apache against Slowloris and Nkiller2 DoS attacks

From: Willy Tarreau <w#1wt.eu>
Date: Sun, 28 Jun 2009 15:58:19 +0200


Hi all,

Since I'm seeing worried people everywhere about the "apache vulnerability" as they call it (while it's just a reuse of a well-known weakness), and other people suggesting incomplete haproxy configuration files, I have prepared a generic haproxy configuration file to be installed without too much hassle in front of any server at risk, and I'm posting it here as it should help people find it more easily:

   http://haproxy.1wt.eu/download/1.3/examples/antidos.cfg

It requires that apache is moved to 127.0.0.1:8080 and that haproxy is installed on pub:80 instead. It does no health check (since some people find it hard to make them work), and that is not a problem because there's only one server.

I have tested it against the Slowloris script and the Nkiller2 tool published in phrack (which is a very interesting method BTW). I have not set any ACL, tarpit nor cookies so that the config remains very basic. But of course it could be extended to detect and block more precise patterns.

Regards,
Willy

Received on 2009/06/28 15:58
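A configuration of the kind the post describes (haproxy on the public :80, apache moved to 127.0.0.1:8080, a single server, no health check), written here as an added example: it is not the antidos.cfg file linked above, it assumes haproxy 1.3.16 or later for `timeout http-request`, and every timeout and maxconn value is a placeholder to tune for the site.

```haproxy
# Added example, not the antidos.cfg from the post. Numbers are assumptions.
global
    maxconn 20000
    daemon

defaults
    mode http
    # Close each connection after the response; stops a client from
    # parking an idle keep-alive slot in front of apache.
    option httpclose
    option forwardfor
    # Slowloris works by never finishing the request headers: haproxy
    # aborts any connection whose full request has not arrived in 5s,
    # so apache never sees the half-open request at all.
    timeout http-request 5s
    # Bound idle time on both sides so a slow reader cannot hold a slot.
    timeout client 30s
    timeout server 30s
    timeout connect 5s

frontend public
    bind :80
    maxconn 20000
    default_backend apache

backend apache
    # Queue excess requests in haproxy rather than in apache: keep the
    # concurrent connections to apache below its MaxClients. Single
    # server, so no health check is configured, as in the post.
    server apache1 127.0.0.1:8080 maxconn 100
```

After reloading, `timeout http-request` expiries show up in the haproxy log with the `cR` termination flags, which is the quickest way to confirm that slow-header connections are being dropped by the proxy rather than reaching apache.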

This archive was generated by hypermail 2.2.0 : 2009/06/28 16:00 CEST