Slowloris

Slowloris is a denial-of-service technique that targets web servers by exhausting their ability to handle new connections. It works by opening many connections to a target web server and then sending partial HTTP requests at a very slow rate. Instead of delivering a full request, it periodically sends additional header lines to keep those connections alive. Because the server must maintain an open connection for each request, the attack can consume all available worker processes or threads, denying service to legitimate clients.

The approach relies on servers that allocate resources per connection and wait for a complete request before

Origin and history: Slowloris was created by Robert “RSnake” Hansen in 2009 as a demonstration of vulnerability

Impact and mitigations: Slowloris can degrade or disable sites running susceptible configurations, particularly older or under-resourced