Talk:Slowloris (computer security)

Which software is unaffected?
The section "Mitigating the Slowloris attack" claims that some HTTP server software is unaffected yet doesn't list any. But as I understand the HTTP spec (RFC 2616), any server that responds in an HTTP-conforming way to a connection initiated by a slow modem (e.g. V.32bis at 14.4 kbps) is affected unless it drops the connection after the client sends too many request headers. What software is not affected and why not? --Damian Yerrick (talk | stalk) 17:27, 9 September 2010 (UTC)


 * The attack is more pronounced on Apache due to the fact that Apache has a MaxClients setting which imposes a restriction on the number of simultaneous connections the web server will allow. SlowLoris uses slow connections to exploit this limitation, but that isn't the only way to do so.
 * Servers may still be vulnerable even if they don't implement a hard limit on the number of of connections, as less than optimum connection handling can lead to the depletion of CPU and RAM resources on the server. This is classically known as the C10k problem. Motoma (talk | stalk) 21:13, 18 November 2010 (UTC)

Lighttpd affected or not?
Lighttpd is listed in the "affected servers" list, but later given as an example of a server that does not have the problem, along with nginx. Which is it? — Preceding unsigned comment added by 149.135.19.243 (talk) 23:54, 28 April 2014 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 2 one external links on Slowloris (computer security). Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20090629152805/http://iran.whyweprotest.net:80/general-discussion/2156-list-anti-protester-sites-2.html to http://iran.whyweprotest.net/general-discussion/2156-list-anti-protester-sites-2.html
 * Added archive https://web.archive.org/20090811013813/http://iran.whyweprotest.net:80/help-iran-online/6194-condensed-list-sites-w-pictures-part-1-a.html to http://iran.whyweprotest.net/help-iran-online/6194-condensed-list-sites-w-pictures-part-1-a.html

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 11:58, 28 January 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 2 one external links on Slowloris (computer security). Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20090822001255/http://ha.ckers.org:80/slowloris/ to http://ha.ckers.org/slowloris/
 * Added archive https://web.archive.org/20090822001255/http://ha.ckers.org:80/slowloris/ to http://ha.ckers.org/slowloris/

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 01:50, 10 February 2016 (UTC)