
Slowloris is designed so that a single machine (probably a Linux/UNIX machine, since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of its threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right sized timeouts as well. As a side note, Slowloris does not consume a lot of resources, so modern operating systems don't have a need to start shutting down sockets when they come under attack, which in turn actually makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood.

I recently had to defend a live attack with slowloris-dos from a botnet. The load impact is very low, but HTTP quits serving very fast. A quick approach was to mangle with timeout settings, which is fine to defend against a single attacker but leads into new issues (i.e. a large NAT on the client side).

mod_qos gives some fine-grained opportunities to scale the number of used connections and to defend an attack according to bandwidth limits. Unfortunately it is only available as a source package and there are many possible settings, which might be hard to set up for this special case. So I provide the way that helped me.

1. Get the source, build & install

mod_qos is available from sourceforge (http://sourceforge.net/projects/mod-qos/). You will find documentation here: http://mod-qos.sourceforge.net/.

    cd /tmp/
    wget http://downloads.sourceforge.net/sourceforge/mod-qos/mod_qos-8.13-src.tar.gz?use_mirror=freefr
    tar xvfz mod_qos-8.13-src.tar.gz

You might want to copy & paste the direct link from sourceforge.
As we want to compile mod_qos by use of apxs, we need to install the appropriate dev package and gcc of course, i.e.:

    apt-get install apache2-threaded-dev gcc

Now build & install:

    cd mod_qos-8.13/apache2/
    apxs2 -i -c mod_qos.c

If everything worked fine you'll get something like this:

    ----------------------------------------------------------------------
    Libraries have been installed in:
       /usr/lib/apache2/modules

    If you ever happen to want to link against installed libraries
    in a given directory, LIBDIR, you must either use libtool, and
    specify the full pathname of the library, or use the `-LLIBDIR'
    flag during linking and do at least one of the following:
       - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
         during execution
       - add LIBDIR to the `LD_RUN_PATH' environment variable
         during linking
       - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
       - have your system administrator add LIBDIR to `/etc/ld.so.conf'

    See any operating system documentation about shared libraries for
    more information, such as the ld(1) and ld.so(8) manual pages.
    ----------------------------------------------------------------------

    chmod 644 /usr/lib/apache2/modules/mod_qos.so
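The two mod_qos ideas the text relies on, capping connections per client address and dropping a connection that keeps a worker waiting while its request trickles in below a minimum data rate, written out as an added Python illustration. This is not mod_qos code and the names, thresholds, addresses and timeline are constructed; it also shows why the per-address cap has to be sized for the NAT case the text warns about.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    ip: str
    opened_at: float
    bytes_in: int = 0
    request_done: bool = False  # full request header has arrived

class SlowClientGuard:
    """Constructed example of two mod_qos-style policies: a minimum inbound
    data rate while a request is still being read, and a per-address cap."""
    def __init__(self, min_bytes_per_sec, grace_sec, max_conn_per_ip):
        self.min_rate, self.grace, self.max_per_ip = min_bytes_per_sec, grace_sec, max_conn_per_ip
        self.conns = {}  # connection id -> Conn

    def open(self, cid, ip, now):
        """Accept unless the address already holds max_conn_per_ip connections.
        Size that cap for the largest NAT you expect, or it cuts off real users."""
        if sum(c.ip == ip for c in self.conns.values()) >= self.max_per_ip:
            return False
        self.conns[cid] = Conn(ip, now)
        return True

    def data(self, cid, nbytes, request_done=False):
        c = self.conns[cid]
        c.bytes_in += nbytes
        c.request_done = c.request_done or request_done

    def sweep(self, now):
        """Close connections that, past the grace period, still trickle their
        request below the minimum rate. A complete request is work, not waiting."""
        victims = [cid for cid, c in self.conns.items()
                   if not c.request_done and now - c.opened_at >= self.grace
                   and c.bytes_in / (now - c.opened_at) < self.min_rate]
        for cid in victims:
            del self.conns[cid]
        return victims

def demo():
    """Constructed timeline: a normal client, a header-trickling client, and
    30 users behind one NAT address connecting at once."""
    g = SlowClientGuard(min_bytes_per_sec=50, grace_sec=5, max_conn_per_ip=20)
    g.open("normal", "198.51.100.7", 0.0)
    g.data("normal", 420, request_done=True)   # whole header in one packet
    g.open("slow", "203.0.113.9", 0.0)
    for _ in range(6):                         # 3 bytes per second, never done
        g.data("slow", 3)
    nat_ok = sum(g.open(f"nat{i}", "192.0.2.1", 2.0) for i in range(30))  # inside grace
    return {"dropped": g.sweep(6.0), "nat_accepted": nat_ok}
```

With a cap of 20, ten of the thirty NAT users are refused outright, which is exactly the side effect the text describes when timeouts or caps are tuned against a single attacker.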

1 Preliminary Note

I want to install activeCollab in a vhost called www.example.com/example.com here with the document root /var/www/www.example.com/web. You should have a working LEMP installation, as shown in this tutorial: Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support (LEMP) On Ubuntu 12.10

A note for Ubuntu users: Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

    sudo su

2

    GRANT ALL PRIVILEGES ON activecollab.* TO 'ac_admin'@'localhost' IDENTIFIED BY 'ac_admin_password';
    GRANT ALL PRIVILEGES ON activecollab.* TO 'ac_admin'@'localhost.localdomain' IDENTIFIED BY 'ac_admin_password';
    FLUSH PRIVILEGES;
    quit;

Next we create an nginx vhost configuration for our www.example.com vhost in the /etc/nginx/sites-available/ directory as follows:

    vi /etc/nginx/sites-available/www.example.com.vhost

Install packages for nginx

    apt-get install nginx php5-fpm php5 php5-mysql php5-pgsql php5-imap php-pear php5-sqlite php5-ldap php5-gd php5-imagick php5-curl php-apc
    apt-get install php5-mcrypt php5-pspell php5-xmlrpc php5-xsl php5-cgi php-auth php-auth-sasl php-net-smtp

Install MySQL Server

    apt-get install mysql-server

Configure Nginx

Delete default site (optional)

    rm -f /etc/nginx/sites-enabled/default

Create template-file for vhosts

    cd /etc/nginx/sites-available/
    touch template-with-ssl
    touch template

Vhost with ssl-support

Insert the following into the file:

    nano /etc/nginx/sites-available/template-with-ssl

    server {
        listen 80;
        # .domain.com will match both domain.com and anything.domain.com
        server_name www.domain.tld domain.tld;
        rewrite ^ https://$server_name$request_uri? permanent;

        # It is best to place the root of the server block at the server level, and not the location level
        # any location block path will be relative to this root.
        root /var/www/www.domain.tld;

        # It's always good to set logs, note however you cannot turn off the error log
        # setting error_log off; will simply create a file called 'off'.
        access_log /var/log/nginx/example.access.log;
        error_log /var/log/nginx/example.error.log;

        # This can also go in the http { } level
        index index.html index.htm index.php;

        location / {
            # if you're just using wordpress and don't want extra rewrites
            # then replace the word @rewrites with /index.php
            try_files $uri $uri/ @rewrites;
        }

        location @rewrites {
            # Can put some of your own rewrite rules in here
            # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
            # If nothing matches we'll just send it to /index.php
            rewrite ^ /index.php last;
        }

        # This block will catch static file requests, such as images, css, js
        # The ?: prefix is a 'non-capturing' mark, meaning we do not require
        # the pattern to be captured into $1 which should help improve performance
        location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
            # Some basic cache-control for static files to be sent to the browser
            expires max;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }

        # remove the robots line if you want to use wordpress' virtual robots.txt
        location = /robots.txt { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }

        # this prevents hidden files (beginning with a period) from being served
        location ~ /\. { access_log off; log_not_found off; deny all; }

        location ~ \.php {
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            include fastcgi_params;
        }
    }

    # just, if you want to use ssl-vhost

        # this prevents hidden files (beginning with a period) from being served
        location ~ /\. { access_log off; log_not_found off; deny all; }

        location ~ \.php {
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            include fastcgi_params;
        }
    }

Vhost for HTTP only

    nano /etc/nginx/sites-available/template

    server {
        listen 80;
        # .domain.com will match both domain.com and anything.domain.com
        server_name www.domain.tld domain.tld;
        #rewrite ^ https://$server_name$request_uri? permanent;

        # It is best to place the root of the server block at the server level, and not the location level
        # any location block path will be relative to this root.
        root /var/www/www.domain.tld;

        # It's always good to set logs, note however you cannot turn off the error log
        # setting error_log off; will simply create a file called 'off'.
        access_log /var/log/nginx/rugia.access.log;
        error_log /var/log/nginx/rugia.error.log;

        # This can also go in the http { } level
        index index.html index.htm index.php;

        location / {
            # if you're just using wordpress and don't want extra rewrites
            # then replace the word @rewrites with /index.php
            try_files $uri $uri/ @rewrites;
        }

        location @rewrites {
            # Can put some of your own rewrite rules in here
            # for example rewrite ^/~(.*)/(.*)/? /users/$1/$2 last;
            # If nothing matches we'll just send it to /index.php
            rewrite ^ /index.php last;
        }

        # This block will catch static file requests, such as images, css, js
        # The ?: prefix is a 'non-capturing' mark, meaning we do not require
        # the pattern to be captured into $1 which should help improve performance
        location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
            # Some basic cache-control for static files to be sent to the browser
            expires max;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }

        # remove the robots line if you want to use wordpress' virtual robots.txt
        location = /robots.txt { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }

        # this prevents hidden files (beginning with a period) from being served
        location ~ /\. { access_log off; log_not_found off; deny all; }

        location ~ \.php {
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            include fastcgi_params;
        }
    }

Create first vhost

Use template

    cp /etc/nginx/sites-available/template /etc/nginx/sites-available/gallery.domain.tld

Edit path-variables

    nano /etc/nginx/sites-available/gallery.domain.tld

    server_name gallery.domain.tld;
    root /var/www/gallery.domain.tld;
    access_log /var/log/nginx/gallery.access.log;
    error_log /var/log/nginx/gallery.error.log;

Create your directory-structure

    mkdir -p /var/www/gallery.domain.tld
    chown -R www-data:www-data /var/www

Enable your vhost

    ln -s /etc/nginx/sites-available/gallery.domain.tld /etc/nginx/sites-enabled/gallery.domain.tld

Now restart services:

    /etc/init.d/php5-fpm restart
    /etc/init.d/nginx restart

Test PHP

Create a test file with phpinfo:

    nano /var/www/gallery.domain.tld/test.php

    <?php
    phpinfo();
    ?>

For quick test purposes just edit the hosts file with the vhost name; in this sample the IP of the server is 192.168.1.10:

    192.168.1.10 gallery.domain.tld

Now open your browser and navigate to: http://gallery.domain.tld

If you see an informational page about the installed PHP version, everything is ok; now you can delete your test file:

    rm -f /var/www/gallery.domain.tld/test.php

Configure Piwigo

Create database & user

    username: gallery01
    password: PASSWORD

Connect to MySQL:

    mysql -u root -p

    create database gallery01;
    grant all on gallery01.* to 'gallery'@'localhost' identified by 'PASSWORD';
    flush privileges;
    \q

Download netinstall-file for piwigo

    cd /var/www/gallery.domain.tld
    wget http://piwigo.org/download/dlcounter.php?code=netinstall
    mv dlcounter.php\?code\=netinstall netinstall.php
    chown www-data:www-data netinstall.php

Configuration tweaks

    nano /etc/php5/fpm/php.ini

    upload_tmp_dir = /tmp
    upload_max_filesize = 20M
    max_file_uploads = 20

    nano /etc/nginx/nginx.conf

    client_max_body_size 20M;
    client_body_buffer_size 128k;

Don't forget to restart services:

    /etc/init.d/php5-fpm restart
    /etc/init.d/nginx restart
