node-slowloris
Advanced tools
helps aliviate slow loris attack by giving developer 2 extra options, 1- headerTimeout, the timeout to receive the headers. 2- minRate the minimum rate (bytes/second) with rateOverhead to compensate for initial delay to receive data
helps aliviate slow loris attack by giving developer 2 extra options:
1- headerTimeout, the timeout to receive the headers.
2- minRate the minimum rate (bytes/second) with rateOverhead to compensate for initial delay to receive data
NOTE: As there is no event in node for request start, as in before headers not after headers (since slow header is part of slowloris) I cant measure the time since the request started. SO to circumvent that I used the connection event but had to disable keepAlive since otherwise more than one request wil be served in one connection and I cant measure the time since the requests started (as in before headers as above). It would be great if node adds a request start event this way I could measure the time from that event and wont have to disable the keepAlive functionality
var http = require('http');
var slowloris = require('slowloris');
var server = http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write('Hello World!');
res.end();
});
server.listen(8080);
slowloris(server, {
headerTimeout: 5000, // in ms, default 2500
minRate: 1000, // bytes per second, default 500
rateOverhead: 100 // in ms this will be subtracted from the time when calculating the rate, default 50
});
FAQs
helps aliviate slow loris attack by giving developer 2 extra options, 1- headerTimeout, the timeout to receive the headers. 2- minRate the minimum rate (bytes/second) with rateOverhead to compensate for initial delay to receive data
The npm package node-slowloris receives a total of 0 weekly downloads. As such, node-slowloris popularity was classified as not popular.
We found that node-slowloris demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.