ACE config for delayed binding to mitigate Slowloris HTTP DOS attack

Unanswered Question
Sep 22nd, 2010

More info on the Slowloris attack is here: http://www.funtoo.org/en/security/slowloris/

To mitigate this, the following CSS config was given. I converted it to the ACE using the web-based conversion tool on the ACE.

# CSS

content www_80_rule
        vip address 10.5.154.200
        protocol tcp
        port 80
        add service wwwserver1_80
        add service wwwserver2_80
        url "/*"
        active

# ACE

class-map type http loadbalance match-any DELAYED_BINDING
   match http url "[.]*"

policy-map type loadbalance first-match web_services
  class DELAYED_BINDING
    serverfarm web_services

Unfortunately, when applied to a server farm, all HTTP traffic is denied. Not sure what I'm missing. Has anyone successfully used delayed binding to mitigate this kind of attack?
