IBM i Apache Security Setting: RequestReadTimeout Alan Seiden

​A client asked for help addressing a Denial of Service (DoS) vulnerability that their security company discovered. The company found it could slow down the Apache web server by sending it incorrect headers. By sending an artificially high “Content-Length” header, they caused the web server to wait for data that would never come. One defense against this type of DoS attack is to limit how many seconds the web server will wait for input. IBM HTTP Server (powered by Apache) for i provides a directive called RequestReadTimeout that specifies how many seconds to wait to receive the complete headers and… The post IBM i Apache Security Setting: RequestReadTimeout appeared first on Seiden Group. Read More 

Verified by MonsterInsights