Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS. Slow HTTP attacks are easy to execute because they require only minimal resources from the attacker.
Why is this a problem and need special protection required?
Such attack can bring down a Web server, irrespective of its hardware capabilities.
This article describes the steps to protect webserver from Slow HTTP Attack. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall Applicable version 16.x.x
In Sophos XG Firewall, the Slow HTTP attacks can be protect by setting a timeout for request headers. As shown in below image.
If the timeout is too short, it risk dropping legitimate slow connections; and if it’s too long, it don’t get any protection from attacks. Its recommend a timeout value based on connection length statistics, For example, a timeout slightly greater than median lifetime of connections should satisfy most of the legitimate clients.
Note: The SlowHTTP Protection is global option only. Hence, it will be applicable for all web-server added in the UTM.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.