Hi,
The Zimbra server (version 8.8.7 FOSS) is installed on CentOS 7.4. After a security audit, it is requested to fix the above issue on Zimbra. No documents were found through a Google search or on the Zimbra forum.
Issue
The web application is possibly vulnerable to a "slow HTTP POST" Denial of Service (DoS) attack. This is an application-level DoS that consumes server resources by maintaining open connections for an extended period of time by slowly sending traffic to the server.
Suggested solution
- limit the size of the acceptable request to each form's requirements
- establish minimal acceptable speed rate
- establish absolute request timeout for connection with POST request
Any help would be very much appreciated
Thanks
Damith
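The three controls listed under "Suggested solution" above, sketched as an added example that is not part of the original thread and is not Zimbra or Apache code: a request-body reader that enforces a size cap, a minimum average rate and an absolute deadline. The names `read_post_body`, `simulate` and `SlowPostRejected`, and all limit values, are assumptions chosen for illustration.

```python
import asyncio
import time

class SlowPostRejected(Exception):
    """A request body broke one of the three limits."""

async def read_post_body(reader, content_length, *, max_body=1_048_576,
                         min_rate=500, grace=1.0, abs_timeout=30.0):
    # Control 1: refuse a declared body larger than the form needs.
    if content_length > max_body:
        raise SlowPostRejected("body too large")
    start, body = time.monotonic(), bytearray()
    while len(body) < content_length:
        elapsed = time.monotonic() - start
        # Control 3: absolute deadline for the whole POST body.
        if elapsed >= abs_timeout:
            raise SlowPostRejected("absolute timeout")
        # Control 2: after a grace period, average bytes/second must hold.
        if elapsed > grace and len(body) / elapsed < min_rate:
            raise SlowPostRejected("below minimum rate")
        try:
            chunk = await asyncio.wait_for(
                reader.read(content_length - len(body)),
                timeout=min(grace, abs_timeout - elapsed))
        except asyncio.TimeoutError:
            continue  # nothing arrived; re-check deadline and rate
        if not chunk:
            raise SlowPostRejected("connection closed early")
        body += chunk
    return bytes(body)

def simulate(chunks, delay, **limits):
    """Constructed client: feeds each chunk, pausing `delay` seconds between."""
    async def feed(reader):
        for chunk in chunks:
            reader.feed_data(chunk)
            await asyncio.sleep(delay)
    async def run():
        reader = asyncio.StreamReader()
        feeder = asyncio.create_task(feed(reader))
        try:
            body = await read_post_body(reader, sum(map(len, chunks)), **limits)
            return ("accepted", len(body))
        except SlowPostRejected as exc:
            return ("rejected", str(exc))
        finally:
            feeder.cancel()
    return asyncio.run(run())
```

A well-behaved upload passes all three checks, while a trickled body is dropped as soon as its average rate falls under `min_rate`, so the connection is released long before the absolute deadline.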
How to fix Slow HTTP POST vulnerability
Re: How to fix Slow HTTP POST vulnerability
My question would be: why are you exposing http to the outside world when everyone should be using https only?
Re: How to fix Slow HTTP POST vulnerability
phoenix wrote: My question would be: why are you exposing http to the outside world when everyone should be using https only?
Thank you for the speedy reply. It may be that MailScanner is installed on Apache (httpd) without SSL.
Will do the needful to take it to https.
thanks
damith