
AWS WAF and QID 150085 (Slow HTTP POST vulnerability)

Question asked by Thomas Moretto on Apr 6, 2017
Latest reply on Apr 10, 2017 by Thomas Moretto


I have an AWS EC2 web application running Apache that sits behind an application elastic load balancer, which is protected by a WAF (web application firewall).


My customer has performed a WAS scan against his web application URL (which goes through the WAF to the ELB to the web server), and the scan results report that slow HTTP POST is a 'possible vulnerability'. I added the following to the Apache configuration with mod_reqtimeout, and the scan results still show slow HTTP POST as a possible vulnerability:


LoadModule reqtimeout_module modules/

# headers: 10 s initially, extended by 1 s per 500 bytes received, up to 20 s
RequestReadTimeout header=10-20,MinRate=500


I also tried:

# as above, plus body: 20 s initially, extended by 1 s per 500 bytes received (no upper cap)
RequestReadTimeout header=10-20,MinRate=500 body=20,MinRate=500


Both configurations have the same result: slow HTTP attack is a possible vulnerability.


In addition, I have performed a slowhttptest run against the web application, and the service never goes down and the connections do close. The slowhttptest parameters I used were:


slowhttptest -c 5000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t POST -u -x 10 -p 3


I did some header tests too, and the results were the same: the service never goes down and connections do close.



Can someone please advise on what else I can do to fix these 'possible' vulnerabilities?
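An added example, written for this page and not code from the poster, Qualys or the Apache project, to make the RequestReadTimeout arithmetic in the question concrete and to give a single-connection check that can be pointed at the scanned URL rather than at the EC2 instance. It parses the directive values above, emulates the body stage of mod_reqtimeout in a small hypothetical mock server (it stands in for Apache; it is not Apache, and the 408 it returns on body timeout is an assumption for the emulation), and runs a slow POST against it: announce a large Content-Length, drip one body byte at a time, and measure how long the server tolerates it. With the page's `body=20,MinRate=500` and slowhttptest's `-i 110`, Apache itself would drop each connection about 20 s after the headers; the probe reports that number, or `None` if the server never gives up within `max_wait`. One caveat worth checking with it: the scanner's TCP connection terminates at the load balancer, so the timeout that governs what WAS observes is the one the ALB enforces before it forwards the request, not the Apache directive on the instance. Running the probe against the public URL and against the instance separately shows which hop is holding the slow connection open. Host, port and path values in the block are placeholders for illustration.

```python
import socket
import threading
import time


def parse_request_read_timeout(directive):
    """Parse an Apache mod_reqtimeout value such as
    'header=10-20,MinRate=500 body=20,MinRate=500' into per-stage settings.
    Each stage is initial[-max] seconds; MinRate=N adds 1 s for every N bytes received."""
    stages = {}
    for token in directive.split():
        stage, _, spec = token.partition("=")
        timeout, *options = spec.split(",")
        initial, _, maximum = timeout.partition("-")
        min_rate = None
        for opt in options:
            key, _, val = opt.partition("=")
            if key.lower() == "minrate":
                min_rate = int(val)
        stages[stage.lower()] = {
            "initial": int(initial),
            "max": int(maximum) if maximum else None,
            "min_rate": min_rate,
        }
    return stages


def start_mock_reqtimeout_server(body):
    """Hypothetical stand-in for Apache + mod_reqtimeout (NOT Apache): reads the request
    headers, then enforces the body stage given by one entry of parse_request_read_timeout().
    Returns the listening port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)

    def handle(conn):
        try:
            buf = b""
            while b"\r\n\r\n" not in buf:  # header stage (no header timeout emulated here)
                chunk = conn.recv(4096)
                if not chunk:
                    return
                buf += chunk
            _, _, extra = buf.partition(b"\r\n\r\n")  # body bytes that arrived with the headers
            rate = body["min_rate"]
            started = time.monotonic()
            deadline = started + body["initial"] + (len(extra) / rate if rate else 0)
            hard_cap = started + body["max"] if body["max"] else None
            while True:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    # body stage timed out: answer and close (408 is this emulation's choice)
                    conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n\r\n")
                    return
                conn.settimeout(remaining)
                try:
                    chunk = conn.recv(4096)
                except socket.timeout:
                    continue
                if not chunk:
                    return
                if rate:
                    # every MinRate bytes buy one more second, never past the stage maximum
                    deadline += len(chunk) / rate
                    if hard_cap is not None:
                        deadline = min(deadline, hard_cap)
        except OSError:
            pass
        finally:
            conn.close()

    def accept_loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]


def slow_post_probe(host, port, content_length=8192, drip_interval=0.5, max_wait=30.0):
    """One slow POST: announce a large Content-Length, then send one body byte per
    drip_interval. Returns seconds until the server replied or closed, or None if the
    connection was still being held open after max_wait (the slow-POST condition)."""
    sock = socket.create_connection((host, port))
    sock.settimeout(drip_interval)
    request_head = (
        f"POST /slow HTTP/1.1\r\nHost: {host}\r\n"  # /slow is a placeholder path
        f"Content-Length: {content_length}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    ).encode()
    start = time.monotonic()
    try:
        sock.sendall(request_head)
        while time.monotonic() - start < max_wait:
            try:
                sock.recv(1024)  # b"" (FIN) or any response: the server stopped waiting
            except socket.timeout:
                sock.sendall(b"a")  # server still reading: drip one more byte
                continue
            return round(time.monotonic() - start, 2)
        return None
    except (BrokenPipeError, ConnectionResetError):
        return round(time.monotonic() - start, 2)
    finally:
        sock.close()


if __name__ == "__main__":
    stages = parse_request_read_timeout("header=10-20,MinRate=500 body=20,MinRate=500")
    port = start_mock_reqtimeout_server(stages["body"])  # replace with the real host/port to probe
    print("slow POST dropped after", slow_post_probe("127.0.0.1", port, drip_interval=1.0), "s")
```

Against the page's own directive the probe comes back after roughly 20 s; a server without a body-stage timeout (or a load balancer with a long idle timeout in front of it) returns `None`, which is the behaviour the scanner flags.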