4.9 Preventing the Slowloris Attack

To secure your environment from the Slowloris attack, you can configure the RequestReadTimeout option at the global and proxy service levels. This option sets timeout values for the following actions:

  • Completing the TLS handshake

  • Receiving the request headers

  • Receiving the request body

Perform the following steps to configure the RequestReadTimeout option:

  1. (Conditional) Modify the httpd.conf file using the Advanced File Configurator and add the following in the LoadModule section:

    LoadModule reqtimeout_module libexec/mod_reqtimeout.so

    For more information about how to manage configuration files using Advanced File Configurator, see Managing Configuration Files in the NetIQ Access Manager 5.0 Administration Guide.

  2. To configure the option at the global level, click Devices > Access Gateways > Edit > Advanced Options.

  3. To configure the option for a proxy service, click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options.

  4. Add the option in the following format:

    RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate]] [header=timeout[-maxtimeout][,MinRate=rate]] [body=timeout[-maxtimeout][,MinRate=rate]]

    For example, configure the option as follows to allow 10 seconds to complete the TLS handshake, 15 seconds to receive the request headers, and 30 seconds to receive the request body:

    RequestReadTimeout handshake=10 header=15 body=30

  5. Click OK.

For more information about this option, see RequestReadTimeout Directive.

NOTE: The RequestReadTimeout option is not supported for path-based multi-homing proxy services.
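
The format in step 4 also accepts a timeout range and a MinRate value. The following Python sketch is an added example, not part of the product documentation: it parses an option value and models how many seconds a client is allowed at each stage. The function names and the second option string are constructed for illustration, and the extension rule (one extra second per MinRate bytes received, capped at maxtimeout, with 0 meaning no limit) follows the Apache mod_reqtimeout documentation.

```python
import re

# One token of the option value: stage=timeout[-maxtimeout][,MinRate=rate]
_TOKEN = re.compile(
    r"^(handshake|header|body)=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?$", re.IGNORECASE)

def parse_request_read_timeout(value):
    """Return {stage: (timeout, maxtimeout, min_rate)} for an option value."""
    stages = {}
    for token in value.split():
        m = _TOKEN.match(token)
        if not m:
            raise ValueError(f"unrecognised token: {token!r}")
        stage = m.group(1).lower()
        timeout, maxtimeout, rate = (int(g) if g else None for g in m.groups()[1:])
        if stage in stages:
            raise ValueError(f"{stage} is configured twice")
        # Sanity checks chosen for this example: a range only makes sense with a
        # rate, the rate must be positive, and the cap must exceed the start value.
        if maxtimeout is not None and rate is None:
            raise ValueError(f"{stage}: a timeout range needs MinRate")
        if rate == 0:
            raise ValueError(f"{stage}: MinRate must be larger than 0")
        if maxtimeout is not None and maxtimeout <= timeout:
            raise ValueError(f"{stage}: maxtimeout must exceed timeout")
        stages[stage] = (timeout, maxtimeout, rate)
    return stages

def allowed_seconds(stage_cfg, bytes_received):
    """Seconds a client gets for one stage after sending bytes_received bytes."""
    timeout, maxtimeout, rate = stage_cfg
    if timeout == 0:
        return None                      # 0 disables the limit for this stage
    if rate is None:
        return timeout                   # fixed timeout, as in the page's example
    extended = timeout + bytes_received // rate   # +1 s per MinRate bytes
    return extended if maxtimeout is None else min(extended, maxtimeout)

if __name__ == "__main__":
    page_example = "handshake=10 header=15 body=30"                      # from step 4
    ranged = "handshake=5 header=10-20,MinRate=500 body=20,MinRate=500"  # constructed
    for value in (page_example, ranged):
        cfg = parse_request_read_timeout(value)
        for sent in (40, 4000, 8000):    # constructed header byte counts
            print(value, "| header bytes", sent, "->",
                  allowed_seconds(cfg["header"], sent), "s")
```

A client that trickles only a few header bytes gains no extra time from MinRate, while one that sends headers at a normal rate is extended up to the maxtimeout cap.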