Web server that use threaded processes such as Apache and others can be targeted using interesting HTTP DoS tool that has been released in wild. Tool can eat up all resources while it holds the connection open to server and keep sending incomplete HTTP requests. End result Apache run out of memory and comes under DoS attack.
According to this blog post –
This affects a number of webservers that use threaded processes and ironically attempt to limit that to prevent memory exhaustion – fixing one problem created another. This includes but is not necessarily limited to the following:
* Apache 1.x
* Apache 2.x
* GoAhead WebServer
There are a number of webservers that this doesn’t affect as well, in my testing:
Mitigating Apache DoS Attacks
I’ve not tested any of these solutions but PF syn proxy and FreeBSD’s accf_http (which buffer incoming connections until a certain complete HTTP requests arrive) kernel module can be used to migrate the same. I’m sure both PF and Iptables can be used to
stop mitigating this attack by limiting connections per IP. Also, Apache can be configured to timeout quickly. Another option is to put lighttpd in front of Apache and proxy out requests to real httpd server. I will update this post later on with my findings.
A little more available below:
=> Apache HTTP DoS tool released