Upgrade the version of modsecurity

The current version of modsecurity is 2.5.12 on ASG v8.300.

Consider upgrading to 2.6.x or at least to 2.5.13 as they have some improvements in terms of app layer DoS.

Specifically, the SecWriteStateLimit directive is useful against Slow-Read DoS Attacks and Slow POST attacks; it is present in modsecurity 2.6.
Furthermore, the SecReadStateLimit directive, present in modsecurity 2.5.13 too, can help against Slow Request Header Attacks.
SourceForge.net: Reference Manual - mod-security

Details about these attacks can be found on:
(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks - SpiderLabs Anterior
ModSecurity Advanced Topic of the Week: Mitigation of 'Slow Read" Denial of Service Attack - SpiderLabs Anterior

I suppose it's trivial to imagine what currently happens if you attempt one of these attacks against the Astaro WAF.

Adding those directives to the WAF config with some default values may help. I suppose we would see them in /var/chroot-reverseproxy/usr/apache/conf/waf/base.conf.

Thanks,
Adrian
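
Added example, not part of the original post and not Astaro or ModSecurity code: a small Python model of what the two directives check, namely the number of connections one client IP holds in the Apache read state (SecReadStateLimit) or write state (SecWriteStateLimit). The limit values, the sample addresses and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed config fragment; the limit values are illustrative, not recommendations.
SAMPLE_CONF = """
SecRuleEngine On
SecReadStateLimit 5
# SecWriteStateLimit needs ModSecurity 2.6
SecWriteStateLimit 3
"""

# Constructed scoreboard snapshot as (client IP, worker state), using mod_status letters:
# "R" = reading request (SERVER_BUSY_READ), "W" = sending reply (SERVER_BUSY_WRITE),
# "K" = keepalive.
SAMPLE_SCOREBOARD = (
    [("203.0.113.7", "R")] * 8      # many connections still sending their request
    + [("198.51.100.9", "W")] * 4   # many connections draining the response slowly
    + [("192.0.2.10", "R"), ("192.0.2.10", "W"), ("192.0.2.11", "K")]
)

DIRECTIVE_STATE = {"SecReadStateLimit": "R", "SecWriteStateLimit": "W"}

def parse_limits(conf_text):
    """Return {directive: limit} for the two state-limit directives found in the text."""
    limits = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SecReadStateLimit|SecWriteStateLimit)\s+(\d+)\s*$", line)
        if m:  # commented-out lines start with '#' and do not match
            limits[m.group(1)] = int(m.group(2))
    return limits

def over_limit(scoreboard, limits):
    """List (ip, directive, count) for every IP holding more connections than allowed."""
    counts = Counter(scoreboard)  # (ip, state) -> number of connections
    hits = []
    for directive, limit in limits.items():
        if limit <= 0:  # 0 means no limit (the default)
            continue
        state = DIRECTIVE_STATE[directive]
        for (ip, st), n in counts.items():
            if st == state and n > limit:
                hits.append((ip, directive, n))
    return sorted(hits)

if __name__ == "__main__":
    for ip, directive, n in over_limit(SAMPLE_SCOREBOARD, parse_limits(SAMPLE_CONF)):
        print(f"{ip}: {n} connections exceed {directive}")
```

With only SecReadStateLimit configured, as on 2.5.13, the client holding connections in the write state is not flagged, which is the gap the request to move to 2.6 addresses.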

