4.9 Preventing the Slowloris Attack

To secure your environment from the Slowloris attack, you can configure the RequestReadTimeout option at the global and proxy service levels. This option sets timeout values for the following actions:

  • Completing the TLS handshake

  • Receiving the request headers

  • Receiving the request body

Perform the following steps to configure the RequestReadTimeout option:

  1. (Conditional) Modify the httpd.conf file using the Advanced File Configurator and add the following in the LoadModule section:

    LoadModule reqtimeout_module libexec/mod_reqtimeout.so

    For more information about how to manage configuration files using Advanced File Configurator, see Managing Configuration Files in the NetIQ Access Manager CE 24.2 (v5.1) Administration Guide.

  2. To configure the option at the global level, on the Home page, click Access Gateways > Edit > Advanced Options.

  3. To configure the option for a proxy service, on the Home page, click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options.

  4. Add the option in the following format:

    RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate]] [header=timeout[-maxtimeout][,MinRate=rate]] [body=timeout[-maxtimeout][,MinRate=rate]]

    For example, configure the option as follows to allow 10 seconds to complete the TLS handshake, 15 seconds to receive the request headers, and 30 seconds to receive the request body:

    RequestReadTimeout handshake=10 header=15 body=30

  5. Click OK.

For more information about this option, see RequestReadTimeout Directive.

NOTE: This option is not supported for path-based multi-homing proxy services.
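
The following check is an added example, not part of the Access Manager documentation or product: a small Python linter for the RequestReadTimeout line entered in step 4, which validates it against the format shown there and reports stages left without an explicit limit. The function names and finding messages are assumptions of this example; it treats a timeout of 0 as "no limit", as the Apache RequestReadTimeout directive defines it.

```python
import re

STAGES = ("handshake", "header", "body")
# One stage parameter: stage=timeout[-maxtimeout][,MinRate=rate]
PARAM = re.compile(
    r"(handshake|header|body)=(\d+)(?:-(\d+))?(?:,minrate=(\d+))?",
    re.IGNORECASE,
)

def parse_request_read_timeout(line):
    """Return {stage: (timeout, maxtimeout, minrate)} for one directive line."""
    tokens = line.split()
    if not tokens or tokens[0].lower() != "requestreadtimeout":
        raise ValueError("not a RequestReadTimeout directive")
    if len(tokens) == 1:
        raise ValueError("no stage parameters given")
    stages = {}
    for token in tokens[1:]:
        m = PARAM.fullmatch(token)
        if m is None:
            raise ValueError(f"malformed parameter: {token!r}")
        stage = m.group(1).lower()
        if stage in stages:
            raise ValueError(f"stage set twice: {stage}")
        # Absent optional parts (maxtimeout, MinRate) become None.
        stages[stage] = tuple(
            int(g) if g is not None else None for g in m.groups()[1:])
    return stages

def audit(line):
    """Return findings about slow-request exposure (empty list = none)."""
    stages = parse_request_read_timeout(line)
    findings = []
    for stage in STAGES:
        if stage not in stages:
            findings.append(f"{stage}: not set, the server default applies")
            continue
        timeout, maxtimeout, _minrate = stages[stage]
        if timeout == 0:
            findings.append(f"{stage}: timeout 0 means no limit")
        if maxtimeout is not None and maxtimeout <= timeout:
            findings.append(f"{stage}: maxtimeout is not larger than timeout")
    return findings

if __name__ == "__main__":
    # First line is the example from step 4; the second is constructed.
    for sample in ("RequestReadTimeout handshake=10 header=15 body=30",
                   "RequestReadTimeout header=0 body=20-40,MinRate=500"):
        print(sample, "->", audit(sample) or "no findings")
```
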