
Apache module inclusion: mod_antiloris

david-dunn shared this idea 12 years ago
Completed

Hi Guys,


At the moment it would appear that cPanel / EasyApache ships without any 'Slowloris' protection (which is a vulnerability in Apache which can DoS Apache into being unresponsive and 'eat up' all of the connections Apache has available).


All it takes is one simple script on a Virtual Machine to take out nearly any cPanel server running Apache (from what I can tell) unless you are running mod_antiloris, which is not currently part of EasyApache.


Having this as a module (which I would recommend enabled by default) as part of Apache would really make sense to me from a security standpoint.


Further information regarding both the attack and fix can be found here:


http://ha.ckers.org/slowloris/

http://sourceforge.net/projects/mod-antiloris/


I know it's about two years old, and although the advent of Apache 2.4 using the MPM workers *should* resolve this, I still think it would be a worthwhile inclusion.


Best Regards,

David Dunn

Micron21

Best Answer

Administrators may use mod_qos to protect against SlowLoris attacks. EasyApache has provided mod_qos for some time.
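
A minimal mod_qos configuration of the kind the answer above refers to, as an added example that is not part of the original thread or cPanel's shipped configuration. The module path and every numeric value are assumptions to be tuned against the server's own worker limit and normal traffic.

```apache
# Added example: mod_qos settings that limit slow, connection-holding clients.
# On an EasyApache build the module is normally loaded by the build itself;
# the path below is an assumption for a generic Apache layout.
LoadModule qos_module modules/mod_qos.so

<IfModule qos_module>
    # Number of distinct client IP addresses mod_qos keeps state for.
    QS_ClientEntries 100000

    # Cap simultaneous connections from a single source IP, so one host
    # cannot occupy most of the available worker slots.
    QS_SrvMaxConnPerIP 50

    # Stop offering keep-alive once this many connections are in use,
    # which frees slots faster when the server is under pressure.
    # Assumed here: a server sized for roughly 256 workers.
    QS_SrvMaxConnClose 180

    # Minimum data rate in bytes per second that a client must sustain
    # while sending a request or reading a response. The first value
    # applies when the server is idle, the second as it approaches its
    # connection limit. Connections that stay below the rate are closed.
    QS_SrvMinDataRate 150 1200
</IfModule>
```

Run `apachectl configtest` after changing these values, and watch the error log for mod_qos messages to confirm that legitimate clients on slow links are not being cut off.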

Replies (2)


mod_qos was added to EasyApache last year to allow system administrators to protect their systems from Slowloris.


From looking at the mod_antiloris page the module looks abandoned. The last code change happened 2 and a half years ago.

