slowaris help

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
imadsani
Forum Regular
Forum Regular
Posts: 112
Joined: Mon Sep 16, 2013 10:10 am
Location: Lahore

slowaris help

Unread post by imadsani »

I keep getting this error while trying to upload large files (150 - 400MB) via my cms.

Code: Select all

[file "/etc/httpd/modsecurity.d/03_asl_dos.conf"] [line "35"] [id "343434"] [rev "1"] [msg "Atomicorp.com WAF Rules: Client Connection dropped by Apache due to slow connection, possible Slowaris attack"]
I've gone through the forums and understand this is not being caused by ASL but I'm on the verge of pulling my hair out here.

I've disable mod_qos to see if that was causing it but no, mod_evasive has also been disabled , no joy there either.

Here is a list of all the modules loaded into apache if it helps:

Code: Select all

core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 allowmethods_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
 authn_core_module (shared)
 authn_dbd_module (shared)
 authn_dbm_module (shared)
 authn_file_module (shared)
 authn_socache_module (shared)
 authz_core_module (shared)
 authz_dbd_module (shared)
 authz_dbm_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_owner_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 cache_disk_module (shared)
 data_module (shared)
 dbd_module (shared)
 deflate_module (shared)
 dir_module (shared)
 dumpio_module (shared)
 echo_module (shared)
 env_module (shared)
 expires_module (shared)
 ext_filter_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 info_module (shared)
 log_config_module (shared)
 logio_module (shared)
 mime_magic_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 slotmem_plain_module (shared)
 slotmem_shm_module (shared)
 socache_dbm_module (shared)
 socache_memcache_module (shared)
 socache_shmcb_module (shared)
 status_module (shared)
 substitute_module (shared)
 suexec_module (shared)
 unique_id_module (shared)
 unixd_module (shared)
 userdir_module (shared)
 version_module (shared)
 vhost_alias_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 lua_module (shared)
 mpm_event_module (shared)
 proxy_module (shared)
 lbmethod_bybusyness_module (shared)
 lbmethod_byrequests_module (shared)
 lbmethod_bytraffic_module (shared)
 lbmethod_heartbeat_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 proxy_connect_module (shared)
 proxy_express_module (shared)
 proxy_fcgi_module (shared)
 proxy_fdpass_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_scgi_module (shared)
 proxy_wstunnel_module (shared)
 systemd_module (shared)
 cgid_module (shared)
 sed_module (shared)
 security2_module (shared)

nicolasmitchell
New Forum User
New Forum User
Posts: 1
Joined: Sat Aug 27, 2016 3:05 pm
Location: Cambridgeshire

Re: slowaris help

Unread post by nicolasmitchell »

I saw this error this week and my initial investigations have led me to the configuration of mod_reqtimeout. In ASL this is set in:

Code: Select all

/etc/httpd/modsecurity.d/000000_asl_modreqtimeout.conf
And this is the config:

Code: Select all

<IfModule reqtimeout_module>
# Wait max 10 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 20 seconds in total.
RequestReadTimeout header=10-20,minrate=500

# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 byte/s.
RequestReadTimeout body=10,minrate=500
</IfModule>
I haven't followed through with solving my issue yet, but I guess these are the values you need to vary. I guess start by disabling the module in:

Code: Select all

/etc/httpd/conf.modules.d/00-base.conf
Post Reply