Problems arising after a vulnerability scan

  • General discussion

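  • Our company recently ran a vulnerability scan against its servers. The report flags two of the Windows 2008 R2 servers (one is an Exchange 2010 mailbox, the other is V-Center)
    with the alert "HTTP Server Prone To Slow Denial Of Service Attack".
    The Recommendation in the report for both is the fix for Apache HTTP Server, quoted below,
    but neither of these two machines has Apache installed. How can these risks be fixed on Windows?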


    The content is as follows:

    "Download the latest version of Apache HTTP Server from the following location:
    http://httpd.apache.org/download.cgi
    A workaround to this, although not a final solution, is to decrease the Timeout setting for Apache to 10 seconds or less, instead of
    the default 5 minutes. Particular considerations have to be considered depending on each organization and the type of clients
    expected to connect to their web servers.
    For example, the timeout and minimum data rate for receiving requests can be set by enabling the apache module "mod_reqtimeout",
    http://httpd.apache.org/docs/trunk/mod/mod_reqtimeout.html
    HTTP servers that use the asynchronous I/O technique are not vulnerable to this attack. Some of those servers are: lighttpd, nginx,
    Apache's experimental event MPM, IIS 6, IIS7, Cherokee, etc."

     

    • Changed type AChange May 9, 2013 1:32 AM
    February 26, 2013 8:14 AM

All replies