The Apache module mod_reqtimeout is a simple and effective way to protect yourself from the Slowloris attack.
For reasons the world may never understand, the cPanel team still does not include support for mod_reqtimeout in the EasyApache build utility, even though the module is a core part of the Apache web server distribution. Repeated requests that they add support for this module has gone unanswered, but that doesn’t leave us completely powerless. We can add this support ourselves.
As with the previous installer we built, you can either download the EasyApache module directly, or you can run a perl script to build and/or install it yourself from the latest version.
Getting it Done
I’d recommend reading the write-up for the cloudflare module installer for the details, since there’s no reason to re-hash it all again here. Instead, a synopsis:
Here are the links to download the latest from Github:
- Installer script: GitHub » reqtimeout.pl
- Pre-built package: GitHub » custom_opt_mod-mod_reqtimeout.tar.gz
You can run the installer with the following command on your cPanel server:
perl reqtimeout.pl installOr if you want to build a new package with the latest sources, run this (on any Unix/Linux system):
perl reqtimeout.pl buildThen run EasyApache, and away you go. You’ll have to configure the module yourself, so a quick glance at the configuration options may be handy.