Slowloris both helps identify the timeout windows of a HTTP server or Proxy

server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons. The main audience using slowloris is of course a system administrators wanting to measure their webserver's performance and vulnerability. WWW: http://ha.ckers.org/slowloris/ PR: ports/136281 Submitted by: Alexey V. Degtyarev
svn path=/head/; revision=237733
2024-11-20 00:21:35 +00:00 · 2009-07-13 22:40:20 +00:00 · 2009-07-13 22:40:20 +00:00 · 597ef6d7b7 · 2021-03-31 03:12:20 +00:00
commit 597ef6d7b7
parent 01a2bc5b35
5 changed files with 66 additions and 0 deletions
--- a/benchmarks/Makefile
+++ b/benchmarks/Makefile
@ -53,6 +53,7 @@
    SUBDIR += scimark2c
    SUBDIR += siege
    SUBDIR += sipp
+    SUBDIR += slowloris
    SUBDIR += stream
    SUBDIR += super-smack
    SUBDIR += sysbench
--- a/benchmarks/slowloris/Makefile
+++ b/benchmarks/slowloris/Makefile
@ -0,0 +1,43 @@
+# New ports collection makefile for:	slowloris
+# Date created:				Fri 03 Jul 2009
+# Whom:					Alexey V. Degtyarev
+#
+# $FreeBSD$
+#
+
+PORTNAME=	slowloris
+PORTVERSION=	0.7
+CATEGORIES=	benchmarks
+MASTER_SITES=	ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/
+
+MAINTAINER=	alexey@renatasystems.org
+COMMENT=	The low bandwidth, yet greedy and poisonous HTTP client
+
+USE_PERL5=	yes
+NO_BUILD=	yes
+
+RUN_DEPENDS=	p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \
+		p5-Getopt-Long>=0:${PORTSDIR}/devel/p5-Getopt-Long
+
+PLIST_FILES=	bin/slowloris
+
+.include <bsd.port.pre.mk>
+
+PERL_THREADS=	no
+
+.if exists(${PERL})
+PERL_THREADS!=	${PERL} -V::usethreads
+.if ${PERL_THREADS} == "'define';"
+RUN_DEPENDS+=	p5-threads-shared>=0:${PORTSDIR}/devel/p5-threads-shared
+PERL_THREADS=	yes
+.endif
+.endif
+
+.if ${PERL_THREADS} != "yes"
+EXTRA_PATCHES+=	${FILESDIR}/extra-nothreads
+.endif
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/slowloris.pl ${PREFIX}/bin/slowloris
+
+.include <bsd.port.post.mk>
--- a/benchmarks/slowloris/distinfo
+++ b/benchmarks/slowloris/distinfo
@ -0,0 +1,3 @@
+MD5 (slowloris-0.7.tar.gz) = e2f11939daccc1c623acda7ab337ec1b
+SHA256 (slowloris-0.7.tar.gz) = 72aa764570bc5c7c97caca585cdc67dcfd731ca0184e01d81ceb3917e4b04ff9
+SIZE (slowloris-0.7.tar.gz) = 6306
--- a/benchmarks/slowloris/files/extra-nothreads
+++ b/benchmarks/slowloris/files/extra-nothreads
@ -0,0 +1,7 @@
+--- slowloris.pl.orig	2009-06-29 18:05:27.000000000 +0400
+++ slowloris.pl	2009-07-03 14:31:35.000000000 +0400
+@@ -96,2 +96,2 @@
+-    use threads;
+-    use threads::shared;
+#    use threads;
+#    use threads::shared;
--- a/benchmarks/slowloris/pkg-descr
+++ b/benchmarks/slowloris/pkg-descr
@ -0,0 +1,12 @@
+Slowloris both helps identify the timeout windows of a HTTP server or Proxy
+server, can bypass httpready protection and ultimately performs a fairly low
+bandwidth denial of service.  It has the added benefit of allowing the server
+to come back at any time (once the program is killed), and not spamming the
+logs excessively.  It also keeps the load nice and low on the target server, so
+other vital processes don't die unexpectedly, or cause alarm to anyone who is
+logged into the server for other reasons.
+
+The main audience using slowloris is of course a system administrators wanting
+to measure their webserver's performance and vulnerability.
+
+WWW: http://ha.ckers.org/slowloris/