AnsweredAssumed Answered

Slow HTTP POST attack- Q150085

Question asked by Aamir Kazi on Nov 10, 2014
Latest reply on Nov 12, 2014 by fmc


During the vulnerability test, I came across the slow HTTP POST - DoS attack warning. Based on the suggested procedures, I made config changes in my web server Win2008 R2- IIS 7.5 (snapshots attached). But I still keep getting the same warning of

Vulnerable to slow HTTP POST attack Connection with partial POST body remained open for: 128712 milliseconds even though my connection time out is set to 30 sec only.


The config changes were made as per recommendations:


Default Limits for Web Sites <limits> : The Official Microsoft IIS Site

Web Limits <webLimits> : The Official Microsoft IIS Site


Any suggestions?