AnsweredAssumed Answered

Slow HTTP POST attack- Q150085

Question asked by Aamir Kazi on Nov 10, 2014
Latest reply on Nov 12, 2014 by fmc

Hi,

During the vulnerability test, I came across the slow HTTP POST - DoS attack warning. Based on the suggested procedures, I made config changes in my web server Win2008 R2- IIS 7.5 (snapshots attached). But I still keep getting the same warning of

Vulnerable to slow HTTP POST attack Connection with partial POST body remained open for: 128712 milliseconds even though my connection time out is set to 30 sec only.

 

The config changes were made as per recommendations:

 

Default Limits for Web Sites <limits> : The Official Microsoft IIS Site

 

http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits

Web Limits <webLimits> : The Official Microsoft IIS Site

 

Any suggestions?

Outcomes