Easy Apache / IIS Slow Header Attack

Slow Header Attack

The Slow Header attack works by exploiting the Client idle timeout value on the server side. This timeout is configured on server side to drop a client connection if a client was found idle during the time interval. The Slow header attack finds the approximate timeout value set in Server side and then chooses a value which is lower than the configured value. The attack then initiates a Http Request with Partial header to the server. It keeps sending one header based on the chosen value and this way Client idle timeout will not be triggered on the server side and Request will not be complete

In essence you can send a Denial Of Service attack to website using one laptop over a proxy.