What is Slowloris?
Slowloris is a DoS (Denial-of-Service) tool designed to perform Slow HTTP Attacks, which are a type of DoS/DDoS attack.
Slow HTTP attacks work by sending fragmented HTTP requests very slowly to a web server to prevent the connection from being closed. This technique monopolizes the server’s resources, eventually causing it to stop functioning or become unavailable. Because this method can target large websites with minimal resources, it is also referred to as an Asymmetric Attack. Slow HTTP attacks are particularly effective against Apache servers, whereas they are believed to have no impact on Microsoft Internet Information Services (IIS) servers. Starting with Apache 2.2.15, the module mod_reqtimeout was added to defend against these attacks.
Unlike UDP floods or similar attacks, slow HTTP attacks do not require large numbers of bots, making DDoS attacks easier to execute. This attack is challenging to handle with firewalls that monitor Layers 2/3, which adds to its complexity.
To effectively defend against such attacks, utilizing a Web Application Firewall (WAF) such as F5 BIG-IP, which includes specific protections against Slow HTTP Attacks, is recommended.