HTTP/1.1 slow-header (slowloris) connection hold

net.slow_http_attack  ·  convicts

networklayer
automationcategory

What it catches

Slowloris/slow-POST (CVE-2007-6750 class); an incomplete request header held past a time/byte budget on a trickle of bytes — the h1 analog of the h2 CONTINUATION flood, the SlowLorisScanner tell no browser produces

Signals it reads

network.slow_http_attack

How it fires

present

Bypassed by 10

Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.

← all detections