
Request header read timeout, DOS attack?


I have a –draft– server with Debian 10, Apache 2.4.38 and a few –rather empty– VHosts with GnuTLS. No proxy nor Nginx.

Every now and then, I get zillions of “AH01382: Request header read timeout” all coming from one IP, in the logs.

Usually, only one IP at a time. Normal navigation on those sites doesn't produce this, including webcrawlers'.

It can produce gigas of log lines in minutes, with thousands of requests in a hundredth of a second.

Those IPs are NXDOMAIN in a host request. My only solution at the moment is to netfilter DROP those IPs, AND restart apache server by hand. (I don't have a proper netfilter protection yet, rate limitation is needed here. Advice welcome.)

So tell me, this doesn't look like a server misconfiguration, does it? I mean, apart from info log level and lack of firewalling.

I don't find any reference on the web to such an attack, but it seems to me it is one, though quite a blind and weak DOS attempt. Any idea?
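
One way to confirm the single-source pattern described in the question before adding a drop or rate-limit rule. This is an added example, not part of the original post. It assumes Apache 2.4's default error-log layout and lines in chronological order; the sample lines, the helper names and the threshold of 5 events per second are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches mod_reqtimeout's AH01382 entries in Apache 2.4's default error-log layout.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[reqtimeout:\w+\] .*?"
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] AH01382:"
)

def parse(line):
    """Return (timestamp, client_ip) for an AH01382 line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"), m["ip"]

def noisy_clients(lines, threshold=5, window=timedelta(seconds=1)):
    """Map each IP to its peak AH01382 count in any sliding window,
    keeping only IPs that reach the threshold. Lines must be in time order."""
    recent = defaultdict(deque)
    peak = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def make_line(sec, usec, ip):
    """Build one constructed log line (documentation-range addresses only)."""
    return (f"[Tue Mar 03 10:15:{sec:02d}.{usec:06d} 2020] [reqtimeout:info] "
            f"[pid 812:tid 1401] [client {ip}:40112] AH01382: Request header read timeout")

# Constructed sample: one client bursting, one client timing out occasionally.
SAMPLE = [make_line(0, i * 1000, "203.0.113.7") for i in range(8)]
SAMPLE += [make_line(5, 0, "198.51.100.20"), make_line(40, 0, "198.51.100.20"),
           "[Tue Mar 03 10:15:41.000000 2020] [core:notice] [pid 812] constructed unrelated line"]

if __name__ == "__main__":
    for ip, count in noisy_clients(SAMPLE).items():
        print(f"{ip}: {count} header read timeouts within 1s")
```

Clients that time out only occasionally stay below the threshold, so the result separates a burst from one address from ordinary slow connections.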

