Technology Encyclopedia Home >How to fix the HTTP Slow Denial of Service vulnerability?

How to fix the HTTP Slow Denial of Service vulnerability?

Created on 2025-09-03 18:16:15
20

To fix the HTTP Slow Denial of Service (DoS) vulnerability, you need to understand that this type of attack involves sending HTTP requests very slowly to exhaust server resources, such as keeping connections open for an extended period with minimal data transfer. This can lead to server exhaustion because it ties up connections and prevents legitimate users from accessing the service.

Explanation:

The HTTP Slow DoS attack, also known as Slowloris or Slow HTTP POST, works by opening a connection to the server and then sending HTTP headers or body content extremely slowly, never completing the request. Since the server keeps the connection open waiting for the full request, it can quickly run out of available connections, leading to a denial of service for legitimate traffic.

Solutions and Mitigation Strategies:

  1. Set Timeouts for Connections

    • Configure your web server to enforce strict timeouts for receiving headers, body data, and keeping connections alive.
    • For example, if a client is too slow to send the full HTTP request (headers or body), the server should terminate the connection after a short delay.

    Example (for Nginx):

    client_body_timeout 10s;
client_header_timeout 10s;
keepalive_timeout 5s;
send_timeout 10s;

    Example (for Apache):

    Timeout 10
KeepAliveTimeout 5

  2. Limit Concurrent Connections

    • Restrict the number of simultaneous connections from a single IP address to prevent one client from monopolizing server resources.

    Example (for Nginx):

    limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn addr 10;

  3. Use a Web Application Firewall (WAF)

    • Deploy a WAF that can detect and block abnormal traffic patterns associated with slow HTTP attacks. A WAF can identify slow header or body transmission and block malicious clients before they reach your backend.

    Recommended Tencent Cloud Service: Tencent Cloud Web Application Firewall (WAF)
    Tencent Cloud WAF provides protection against various HTTP-based attacks, including slow DoS attacks. It uses intelligent detection to identify abnormal request behaviors and can automatically block suspicious traffic.

  4. Implement Rate Limiting

    • Apply rate limiting rules to control how many requests a client can make over a certain time window. This helps mitigate the impact of slow and high-volume attacks.

  5. Disable Keep-Alive or Set Shorter Keep-Alive Durations

    • If your application does not require persistent connections, consider disabling HTTP Keep-Alive or reducing the keep-alive timeout to free up connections more quickly.

  6. Monitor and Log Suspicious Activity

    • Enable detailed access logs and monitor for unusual patterns such as many incomplete requests from the same IP, or connections that remain open longer than normal.

    Example:

    • Monitor logs for clients that have many connections with Transfer-Encoding: chunked or long gaps between data packets.

Summary of Actions:

Action Purpose
Set short timeouts Prevent long-lived incomplete connections
Limit concurrent connections Avoid resource exhaustion by a single client
Use WAF Detect and block malicious traffic automatically
Enable rate limiting Control request rates from clients
Monitor logs Identify and respond to attack patterns

By applying these techniques—especially in combination—you can effectively protect your web services from HTTP Slow DoS vulnerabilities. Leveraging a robust WAF like Tencent Cloud WAF adds an essential layer of automated protection and monitoring.