My Oracle Support Banner

How to Protect Oracle iPlanet Web Server 7.0 from Slowloris (Doc ID 1336162.1)

Last updated on AUGUST 21, 2018

Applies to:

Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.

Goal

This article explains how to avoid a Slowloris DOS attack on Oracle iPlanet Web Server 7.0.x as is explained in the following blog by Jyri Virkki "Web Server 7 Meets Slowloris" . The added functionality of the "request-header-timeout" and "request-body-timeout" parameters in Web Server 7.0 can be used to protect the Web Server from Slowloris or any slow client attack.

Note: Previous Oracle iPlanet Web Server Versions (6.x and earlier) do not have the "request-header-timeout" and "request-body-timeout" parameter functionality. New features are not back ported to the previous releases. Upgrade to Oracle iPlanet Web Server 7.0.x (latest) to take advantage of these new features and implement the configuration changes required to avoid Slowloris.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.