Slowloris is a type of denial-of-service (DoS) attack that targets vulnerabilities in web servers and their implementation of the HTTP protocol. The attacker opens multiple connections to the target server and very slowly sends HTTP headers to keep the connections open, preventing the server from serving legitimate requests. Apache Tomcat is a commonly used web container that runs Java applications and can also be a target for these attacks. In this article, we'll discuss steps to secure Tomcat against Slowloris attacks on the CentOS 7 operating system.
Prerequisites
Before getting started, make sure you have:
- Apache Tomcat installed and running.
- Access to the server with superuser privileges.
Step 1: Update System and Tomcat
Begin by updating your system and installed packages to the latest version. This will help ensure you have the latest security patches
sudo yum update -y
Step 2: Install mod_security and mod_evasive Modules
mod_security and mod_evasive are Apache modules that can help protect your server against various types of attacks, including Slowloris. Although Tomcat itself is not an Apache server, you can use Apache as a reverse Proxy in front of Tomcat, allowing you to leverage these modules to enhance security.
Install Apache:
sudo yum install httpd -y
Then, install mod_security and mod_evasive:
sudo yum install mod_security mod_evasive -y
Step 3: Configure Apache as Reverse Proxy
Edit the Apache configuration file (/etc/httpd/conf/httpd.conf) to act as a reverse proxy for Tomcat. Add the following configuration at the end of the file:
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Replace localhost:8080 with the address and port where your Tomcat server is running.
Step 4: Configure mod_security and mod_evasive
The configuration of mod_security and mod_evasive depends on your specific needs and environment. A basic mod_evasive configuration may look like this:
Create a configuration file for mod_evasive:
sudo vi /etc/httpd/conf.d/mod_evasive.conf
And add the basic directives:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
Step 5: Restart Apache and Tomcat
After making all the changes, restart Apache and Tomcat to apply the new settings:
sudo systemctl restart httpd
sudo systemctl restart tomcat
By following these steps, you have performed basic configuration to protect against Slowloris attacks for Tomcat running on CentOS 7. It's important to regularly monitor your logs and adjust the configuration according to the needs of your traffic to achieve the best possible protection.
