node-slowloris
Advanced tools
Readme
helps aliviate slow loris attack by giving developer 2 extra options:
1- headerTimeout, the timeout to receive the headers.
2- minRate the minimum rate (bytes/second) with rateOverhead to compensate for initial delay to receive data
NOTE: As there is no event in node for request start, as in before headers not after headers (since slow header is part of slowloris) I cant measure the time since the request started. SO to circumvent that I used the connection event but had to disable keepAlive since otherwise more than one request wil be served in one connection and I cant measure the time since the requests started (as in before headers as above). It would be great if node adds a request start event this way I could measure the time from that event and wont have to disable the keepAlive functionality
var http = require('http');
var slowloris = require('slowloris');
var server = http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write('Hello World!');
res.end();
});
server.listen(8080);
slowloris(server, {
headerTimeout: 5000, // in ms, default 2500
minRate: 1000, // bytes per second, default 500
rateOverhead: 100 // in ms this will be subtracted from the time when calculating the rate, default 50
});
FAQs
helps aliviate slow loris attack by giving developer 2 extra options, 1- headerTimeout, the timeout to receive the headers. 2- minRate the minimum rate (bytes/second) with rateOverhead to compensate for initial delay to receive data
We found that node-slowloris demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.