Bug#533661: Use iptables

At the moment, the best defense is using iptables connlimit with a
reasonable maximum number of connections per IP (like 1/5 or 1/10 of
what your server can handle). This will give you good protection from
single attacking hosts. When the attacker has many hosts (i.e. a
botnet) you have lost anyway.

If you can't use iptables (e.g. if you only have some vserver), there
is libapache2-mod-antiloris in Debian unstable and testing. The
package should work in stable and oldstable, too. Mod_antiloris may be
better than nothing, but the slowloris script can be easily modified
to circumvent mod_antiloris.
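
The connlimit approach described in the message above, as an added example that is not part of the original message: the script derives a per-IP limit from server capacity, prints the iptables rule for review without applying it, and lists the peers in `ss -tn` output that the limit would cut off. The function names, the capacity of 150 worker slots, port 80 and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: size an iptables connlimit rule from server capacity.
# Nothing is applied here; the rule is only printed for review.

is_uint() { case "$1" in ''|*[!0-9]*) return 1;; esac; }

# per_ip_limit CAPACITY DIVISOR -> CAPACITY/DIVISOR, never below 1
per_ip_limit() {
    is_uint "$1" && is_uint "$2" || { echo "need two integers" >&2; return 2; }
    [ "$2" -gt 0 ] || { echo "divisor must be > 0" >&2; return 2; }
    limit=$(( $1 / $2 ))
    [ "$limit" -ge 1 ] || limit=1
    echo "$limit"
}

# connlimit_rule PORT LIMIT -> rule rejecting new connections above LIMIT per source IP
connlimit_rule() {
    is_uint "$1" && is_uint "$2" || return 2
    printf 'iptables -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' "$1" "$2"
}

# over_limit PORT LIMIT < `ss -tn` output
# Prints "COUNT PEER" for every peer holding more than LIMIT established
# connections to local PORT, i.e. the clients the rule would start rejecting.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            peer = $5; sub(/:[0-9]+$/, "", peer); n[peer]++
        }
        END { for (ip in n) if (n[ip] > limit) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample of `ss -tn` output (documentation address ranges).
sample_ss() {
cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 203.0.113.10:80 192.0.2.7:40001
ESTAB 0 0 203.0.113.10:80 192.0.2.7:40002
ESTAB 0 0 203.0.113.10:80 192.0.2.7:40003
ESTAB 0 0 203.0.113.10:80 192.0.2.7:40004
ESTAB 0 0 203.0.113.10:80 198.51.100.9:51000
ESTAB 0 0 203.0.113.10:80 198.51.100.9:51001
ESTAB 0 0 203.0.113.10:22 192.0.2.7:40999
EOF
}

connlimit_rule 80 "$(per_ip_limit 150 10)"   # 150 slots, 1/10 per IP -> limit 15
sample_ss | over_limit 80 3                  # small limit to fit the sample
```

On a live host, pipe real `ss -tn` output into `over_limit` first to see whether proxies or NAT gateways among the legitimate clients would exceed the chosen limit.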