Last Updated: February 25, 2016
· nmalcolm

mod_antiloris - Anti Slowloris Apache Module


Slowloris is a piece of software written by Robert "RSnake" Hansen which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.

More information about the attack:


mod_antiloris limits the number of simultaneous connections per IP address that are in the "reading request" state on Apache 2.x systems. It can mitigate denial of service attacks done with the "slowloris" script.