HTTP Slow Post和IIS设置可防止 [英] HTTP Slow Post and IIS settings to prevent

问题描述

因此，我们从一家安全公司获得了此报告，称我们在IIS 8.0上运行的MVC网站容易受到缓慢的HTTP post DoS攻击的影响.该报告指出，我们应该

So we got this report from a Security Company saying our MVC website running on IIS 8.0 was vulnerable to slow HTTP post DoS attack. The report stated we should

• 限制请求属性是通过<RequestLimits>元素实现的， 特别是maxAllowedContentLength，maxQueryString和maxUrl 属性.
• 设置<headerLimits>以配置标头的类型和大小 Web服务器将接受.
• 调整connectionTimeout，
  <limits>
  的headerWaitTimeout和minBytesPerSecond属性 和<WebLimits>元素，以最大程度地降低HTTP慢速攻击的影响.

• Limit request attributes is through the <RequestLimits> element, specifically the maxAllowedContentLength, maxQueryString, and maxUrl attributes.
• Set <headerLimits> to configure the type and size of header your web server will accept.
• Tune the connectionTimeout,
  headerWaitTimeout, and minBytesPerSecond attributes of the <limits>
  and <WebLimits> elements to minimize the impact of slow HTTP attacks.

问题是我很难找到有关如何设置这些值的任何建议.例如. minBytesPerSecond的默认值为240，但是如何防止SlowHTTPPost攻击呢?

The trouble is I'm having a hard time finding any recommendations on how these values should be set. Eg. the minBytesPerSecond is default 240, but what should it be to prevent SlowHTTPPost attacks?

欢呼 詹斯

推荐答案

所以，最终遵循了这个人的建议:

So, ended up following this guy's recommendations:

http://cagdasulucan.blogspot.se/2013/02/iis-recommendations-against-slow-http.html

这篇关于HTTP Slow Post和IIS设置可防止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！