I have an AWS EC2 web application running Apache that sits behind an Application Elastic Load Balancer, which is protected by a WAF (web application firewall).
My customer has performed a WAS against his web application URL (which goes through the WAF to the ELB to the web server), and the scan results report that slow HTTP POST is a 'possible vulnerability'. I added the following to the Apache configuration with mod_reqtimeout, and the scan results still show slow HTTP POST as a possible vulnerability:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
I also tried:
RequestReadTimeout header=10-20,MinRate=500 body=20,MinRate=500
Both configurations have the same result: slow HTTP attack is a possible vulnerability.
In addition, I have performed a slowhttptest against the web application, and the service never goes down and the connections do close. The slowhttptest parameters I used were:
slowhttptest -c 5000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t POST -u https://mywebapp.net -x 10 -p 3
I did some header tests too, and the results were the same: the service never goes down and connections do close.
Can someone please advise on what else I can do to fix these 'possible' vulnerabilities?
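Added worked example (not part of the question above, and not Apache's own code): a small Python model of the timer mod_reqtimeout runs for the directive quoted in the question, following the documented semantics (each phase starts with `timeout` seconds on the clock, every `MinRate` bytes received add one second, and a `timeout-maxtimeout` range caps the extension). It shows that `header=10-20,MinRate=500` can never hold a connection past 20 s, while `body=20,MinRate=500` has no upper bound, so a client sending at least 500 bytes/s keeps the body deadline moving indefinitely; the trace shapes below (bytes per interval) are constructed for illustration.

```python
"""Model of how Apache mod_reqtimeout applies a RequestReadTimeout directive.

Worked example added for this question; it is not code from the post or from
Apache. Semantics follow the mod_reqtimeout documentation: a phase starts with
`timeout` seconds on the clock, each `MinRate` bytes received add one second,
and the deadline never passes `maxtimeout` when a `timeout-maxtimeout` range
is given. Time is measured in seconds since the phase started.
"""
import re

_SPEC = re.compile(
    r"(?P<phase>handshake|header|body)=(?P<t>\d+)(?:-(?P<max>\d+))?"
    r"(?:,MinRate=(?P<rate>\d+))?"
)


def parse_request_read_timeout(directive):
    """Parse 'RequestReadTimeout header=10-20,MinRate=500 body=20,MinRate=500'.

    Returns {phase: (timeout, maxtimeout or None, minrate or None)}.
    """
    phases = {}
    for m in _SPEC.finditer(directive):
        phases[m["phase"]] = (
            int(m["t"]),
            int(m["max"]) if m["max"] else None,
            int(m["rate"]) if m["rate"] else None,
        )
    return phases


def phase_deadline(phase_cfg, arrivals):
    """Walk a trace of (seconds_since_phase_start, bytes_received) tuples.

    Returns (dropped_during_trace, deadline): `dropped_during_trace` is True
    when some data arrived after the timer had already fired, and `deadline`
    is the moment Apache closes the connection if the client sends nothing
    more (data landing exactly on the deadline is treated as in time).
    """
    timeout, max_timeout, min_rate = phase_cfg
    deadline = float(timeout)
    for t, n in arrivals:
        if t > deadline:
            return True, deadline          # timer fired before this chunk
        if min_rate:
            deadline += n / min_rate       # one second of grace per MinRate bytes
            if max_timeout is not None:
                deadline = min(deadline, float(max_timeout))
    return False, deadline
```

Adding an upper bound (for example `body=20-60,MinRate=500`) makes the body phase behave like the header phase in the model, which is the usual way to close the open-ended case.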