centos - nginx如何防御slowloris攻击?
漂亮男人
漂亮男人 2017-04-25 09:03:29
0
1
953

nginx被检测出slowloris攻击:针对任意HTTP Server,建立一个连接,以很低的速度发包,并保持住这个连接不断开。如果客户端持续建立这样的连接,那么服务器上可用的连接池将很快被占满,从而导致拒绝服务攻击。

给出的解决办法是:限制web服务器的HTTP头部传输的最大许可时间。

那么nginx该怎么设置呢?
我设置了
keepalive_timeout 65;
client_header_timeout 10;
client_body_timeout 10;
send_timeout 10;
可还是被检测出了有问题。后来想了想,client_header_timeout只是限制了两个包间的延时,只要保持着慢慢发就不会断,我需要让传输总时间超过了设定值就直接断掉。
该如何做呢?或者有应对slowloris的模块?

漂亮男人
漂亮男人

reply all (1)
漂亮男人

Is slowloris invalid for nginx?
You set the number of links for each IP.
To deal with attacks is to fight for resources. nginx does not require many resources to support this kind of link. Build a few more servers and set the number of links for each IP.
Check whether the attack is implemented through a post. You can set a cookie. If there is no cookie, just discard the post.

    Latest Downloads
    More>
    Web Effects
    Website Source Code
    Website Materials
    Front End Template
    About us Disclaimer Sitemap
    php.cn:Public welfare online PHP training,Help PHP learners grow quickly!