slowloris http dos

bernhardredl at bernhardredl at
Sun Jul 12 20:08:35 CEST 2009

you may have heard about the slowloris http dos.
it is a proof of concept very very low bandwidth dos.

with this tool an attacker with a 1MBit upload connection can completely interrupt service on a state of the art webserver running apache.

according to the project's website apache and squid are affected.
nginx and iis6,7 are not.

i recently tested varnish 2.0.4 and it is affected too.
perl -dns -port 81 -timeout 1 -num 1000 -tcpto 5

this line resulted in a total Denial of Service. Although the underlying apache was fully operable during the attack.

varnishstat shows a lot of this:
     2544         0.00         2.67 N overflowed work requests
     20533       478.00        21.52 N dropped work requests

cpu & ram & bandwidth utilization : none

is there a possibility to fix this? or at least to get a bugreport. 
Because i think a varnish cluster will be affected too.
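
An added monitoring example, not part of the original post or of Varnish itself: it parses varnishstat lines in the shape quoted above and flags the reported pattern, work requests being dropped while the host is otherwise idle. The function names, the thresholds and the caller-supplied CPU figure are assumptions.

```python
import re

# Line shape as shown in the post: total, current rate, average rate, description.
LINE = re.compile(r"^\s*(\d+)\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)\s+(.+?)\s*$")
# Counter descriptions taken from the post's varnishstat output.
OVERFLOWED = "N overflowed work requests"
DROPPED = "N dropped work requests"


def parse_varnishstat(text):
    """Return {description: (total, current_rate, average_rate)}."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            total, rate, avg, desc = m.groups()
            stats[desc] = (int(total), float(rate), float(avg))
    return stats


def worker_starvation(stats, cpu_busy_pct, drop_rate_limit=1.0, cpu_idle_below=20.0):
    """Flag the pattern from the post: requests dropped while the host is idle.

    drop_rate_limit (drops/s) and cpu_idle_below (%) are assumed thresholds.
    """
    findings = []
    dropped = stats.get(DROPPED)
    overflowed = stats.get(OVERFLOWED)
    if dropped and dropped[1] > drop_rate_limit:
        findings.append("dropping %.0f work requests/s (%d total)" % (dropped[1], dropped[0]))
    if overflowed and overflowed[0] > 0:
        findings.append("%d overflowed work requests" % overflowed[0])
    # Drops under load are ordinary overload; drops on an idle box point at
    # worker threads held by connections that never finish their request.
    suspicious = bool(dropped and dropped[1] > drop_rate_limit and cpu_busy_pct < cpu_idle_below)
    return suspicious, findings


# Constructed sample: the two counter lines quoted in the post.
SAMPLE = """\
     2544         0.00         2.67 N overflowed work requests
     20533       478.00        21.52 N dropped work requests
"""

if __name__ == "__main__":
    print(worker_starvation(parse_varnishstat(SAMPLE), cpu_busy_pct=2.0))
```
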

