HTTP/1.1 slow-header (slowloris) connection hold
net.slow_http_attack · convicts
networklayer
automationcategory
What it catches
Slowloris/slow-POST (CVE-2007-6750 class); an incomplete request header held past a time/byte budget on a trickle of bytes — the h1 analog of the h2 CONTINUATION flood, the SlowLorisScanner tell no browser produces
Signals it reads
network.slow_http_attack
How it fires
present
Bypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.