Hi!

I'm a student doing a research with ModSecurity. I'm coming up with some rules to prevent * HTTP POST DoS attack on the Apache server by using javascript cookies. ModSecurity injects the JavaScript code on any webpage then ModSecurity is then configured to drop requests without these cookies. My main assumption is that most bots especially those that use the slow HTTP DoS POST attack don't use browsers and thus don't use JavaScript. Can anyone here give me some insights as to how effective/not effective that prevention is? Can someone also use JavaScript to create a Slow HTTP POST attack tool that triggers or steals that cookie and proceed with the attack?


As an example, some said that Javascript code can easily be stolen even with obfuscation.

Sorry not a I'm not Javascript expert at all.


Article on slow post DoS attacks can be found

here -http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html.

and here http://blog.spiderlabs.com/2011/07/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html.

Many Thanks!