From dac6b5617dc0ebea6b68c4eda354649780cda217 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Tue, 23 Nov 2010 16:40:01 -0500
Subject: Adding SecReadStateLimit.  Requires 2.5.13 which should be out
 shortly.

---
 config/apache_mod_security/apache_mod_security_settings.xml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'config/apache_mod_security/apache_mod_security_settings.xml')

diff --git a/config/apache_mod_security/apache_mod_security_settings.xml b/config/apache_mod_security/apache_mod_security_settings.xml
index e313f3c8..4bbc4ea2 100644
--- a/config/apache_mod_security/apache_mod_security_settings.xml
+++ b/config/apache_mod_security/apache_mod_security_settings.xml
@@ -120,7 +120,6 @@
 			</description>
 			<type>input</type>
 		</field>
-
 		<field>
 			<fielddescr>Use mod_disk_cache</fielddescr>
 			<fieldname>mod_disk_cache</fieldname>
@@ -141,6 +140,16 @@
 			</description>
 			<type>input</type>
 		</field>
+		<field>
+			<fielddescr>Limits number of POSTS accepted from same IP address</fielddescr>
+			<fieldname>SecReadStateLimit</fieldname>
+			<description>
+				<![CDATA[
+					Help prevent the effects of a Slowloris-type of attack.  More information about this attack can be found here: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html
+				]]>					
+			</description>
+			<type>input</type>
+		</field>
 		<field>
 			<fielddescr>Configures the maximum request body size ModSecurity will store in memory.</fielddescr>
 			<fieldname>secrequestbodyinmemorylimit</fieldname>
-- 
cgit v1.2.3