Security Advisories

Trustwave Press Releases

« Sniper Forensics - Part V: Finding Evil Part II | Main | Spiders Are FUN!!! at DEF CON 19 »

13 July 2011


RequestReadTimeout doesn't expect a comma ",".

RequestReadTimeout header=30 body=30

What will happen if many connections are opened to a server and all of them start downloading a file very very slowly.... will this be another vector for a layer 7 attack.... pls discuss....

Thank you for help.It works!

@Sebastiaan Jansen - the "body=30" directive was just an example. Each site would need to adjust properly to allow for various uploads. Ideally what should be done is for the Apache Software Foundation (ASF) to update the mod_reqtimeout code and expand its coverage so that it could be defined within different Apache score locations (such as Directory, etc...) which would allow for specifying different thresholds per resource.

@Eugene Nelen - This ruleset assumes that you are using the OWASP ModSecurity Core Rule Set - In the modsecurity_crs_10_config.conf file, it properly initiates the IP collection which then allows other rules to add/increment variables.

I receive an error with this rules:
Message: Could not set variable "ip.slow_dos_counter" as the collection does not exist.
Message: Could not expire variable "ip.slow_dos_counter" as the collection does not exist.

Can you help me?

When one uses RequestReadTimeout body=30

Please mind internet users with slow internet connections (congested/rate-limited hotspots, mobile networks, third world countries/continents and rural areas)

Isn’t there a threshold on how many slow users can be serviced before timing out those downloads??
Not all object on websites are a few K’s.


How to face DDOS with "SecReadStateLimit" ?

How to face DDOS with "SERVER_BUSY_STATE"?

Fixed the typo thanks - the correct Apache directive name is RequestReadTimeout

You have a typo in the example config, it's not RequestReadyTimeout it's RequestReadTimeout, but beside that, thanks for letting us know about this!

The tool tested in this write up can now be found at

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)