Scott Miller

Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

Discussion created by Scott Miller on Jun 15, 2012
Latest reply on Jul 3, 2012 by Scott Miller

The Apache module mod_reqtimeout can be used to help mitigate WAS QID 150085 Slow HTTP POST on Linux. A link to Apache's documentation can be found here:

http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html

Below is how to enable this module for Ubuntu / Debian, as well as Red Hat / CentOS. After enabling this module, rescan to see if the vulnerability has been remediated.

Ubuntu / Debian:

1. Enable mod_reqtimeout:

$ sudo a2enmod reqtimeout

2. Restart Apache:

$ sudo /etc/init.d/apache2 restart

Done.

If needed, adjust the configuration for this module by editing this file:

/etc/apache2/mods-available/reqtimeout.conf


Red Hat / CentOS:

1. Edit the Apache config file:

/etc/httpd/conf/httpd.conf

Add in this line and save:

LoadModule reqtimeout_module modules/mod_reqtimeout.so

2. Create the file /etc/httpd/conf.d/reqtimeout.conf with the following contents and save:

<IfModule reqtimeout_module>

# Wait max 10 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 20 seconds in total.
RequestReadTimeout header=10-20,minrate=500

# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s.
RequestReadTimeout body=10,minrate=500

</IfModule>

3. Restart Apache:

$ sudo service httpd restart

Done.

The settings in this module's config file can be adjusted as desired. Test to confirm that the module settings do not cause any problems with the hosted web applications in use!
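As an added example (not part of the original post and not Apache's own code), a small Python checker that parses RequestReadTimeout lines like the ones above, reports how many seconds Apache will allow a stage after a given number of bytes have arrived, and flags settings that leave a stage unprotected before you rescan. The timeout arithmetic follows the module documentation linked above (the timeout grows by 1 second per minrate bytes, up to the maximum); the audit rules and the function names are my own assumptions.

```python
import re

DIRECTIVE = re.compile(r"^\s*RequestReadTimeout\s+(.+?)\s*$", re.I | re.M)

# Sample input: the two directives from the reqtimeout.conf above.
PAGE_CONF = """<IfModule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>"""

def parse_request_read_timeout(conf_text):
    """Return {'header': spec, 'body': spec}; one directive per line or both stages on one line."""
    settings = {}
    for match in DIRECTIVE.finditer(conf_text):
        for arg in match.group(1).split():
            stage, _, value = arg.partition("=")
            if stage.lower() not in ("header", "body"):
                raise ValueError("unknown RequestReadTimeout stage: %r" % stage)
            parts = value.split(",")                 # e.g. "10-20,minrate=500"
            low, _, high = parts[0].partition("-")   # initial[-max] seconds
            spec = {"initial": int(low), "max": int(high) if high else None, "minrate": None}
            for extra in parts[1:]:
                key, _, val = extra.partition("=")
                if key.lower() == "minrate":
                    spec["minrate"] = int(val)
            settings[stage.lower()] = spec
    return settings

def allowed_seconds(spec, bytes_received):
    """Seconds Apache allows the stage once bytes_received arrived: +1 s per minrate bytes, capped at max."""
    if spec["initial"] == 0:      # 0 disables the timeout for that stage
        return None
    if spec["minrate"] is None:   # fixed timeout, never extended
        return spec["initial"]
    extended = spec["initial"] + bytes_received // spec["minrate"]
    return extended if spec["max"] is None else min(extended, spec["max"])

def audit(settings):
    """Review findings (rules assumed here, not taken from the module docs) before rescanning."""
    findings = []
    for stage in ("header", "body"):
        spec = settings.get(stage)
        if spec is None:
            findings.append("%s: no RequestReadTimeout set, module default applies" % stage)
        elif spec["initial"] == 0:
            findings.append("%s: timeout disabled (0)" % stage)
        elif stage == "header" and spec["minrate"] and spec["max"] is None:
            findings.append("header: minrate without a maximum, consider bounding the header phase as above")
    return findings
```

For the conf above, audit(parse_request_read_timeout(PAGE_CONF)) returns no findings, and allowed_seconds shows the header phase growing from 10 s to at most 20 s as bytes arrive.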
