Apache mod_qos: How To Defend Against slowloris DDoS

mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests. Here’s what the official documentation says:

But why do you need quality of service for a web application? Web servers need threads and processes to serve HTTP requests, and each TCP connection to the web server occupies one of these threads or processes. Sometimes a server gets too busy to serve every request because it has no free processes or threads left. Another parameter that mod_qos controls is the available bandwidth: all clients communicate with the server over a network link with limited bandwidth. Overfilling the link results in network congestion and poor performance.

Example situations where web applications require QoS:

  • More resources are consumed if request processing by an application takes a long time, e.g. when request processing includes time consuming database queries.
  • Oversubscription of link capabilities due to many concurrent clients uploading or downloading data.
  • Attacks on the web server (DDoS).

mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.
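The connection-level attributes listed above map onto mod_qos directives. The following is an added example, not the configuration from the original post: the directive names are mod_qos's own, while every numeric value is an illustrative assumption (sized for a prefork server with MaxClients 256 set elsewhere) and must be tuned to the actual server.

```apache
<IfModule mod_qos.c>
    # Number of distinct client IP addresses mod_qos keeps state for.
    # Assumed value; size it to the expected number of concurrent clients.
    QS_ClientEntries 100000

    # Concurrent TCP connections allowed from a single source IP.
    # A slowloris client works by holding many connections open at once,
    # so this cap bounds how many workers one address can occupy.
    # Assumed value; raise it if many users share one NAT or proxy address.
    QS_SrvMaxConnPerIP 50

    # Server-wide threshold at which keep-alive is switched off, so idle
    # persistent connections stop holding workers while the server is busy.
    # 180 is roughly 70% of the assumed MaxClients 256.
    QS_SrvMaxConnClose 180

    # Minimum throughput a connection must sustain, in bytes per second.
    # The required rate starts at the first value when the server is idle
    # and rises toward the second value as more connections become busy.
    # Connections that send request headers or bodies more slowly than
    # this are closed, which is the behaviour slowloris depends on.
    QS_SrvMinDataRate 150 1200
</IfModule>
```

Check the result with `apachectl configtest` before restarting, and watch the Apache error log for mod_qos messages afterwards to confirm that legitimate slow clients (mobile links, large uploads) are not being cut off by the data-rate floor.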

Here’s a guide on installing mod_qos on CentOS 5:

Download mod_qos:

Compile mod_qos:

Open httpd.conf:

Put in the line:

Load configuration:

Paste these:

Restart Apache:

