How to identify and prevent "Slow Post" Attacks...

I heard about a new kind of DoS attack, the slow POST attack. I started investigating and couldn't find anything that explains how Apigee can help here.

Does anyone have a solution or recommendations to prevent these in Apigee?


Generally speaking, set an absolute connection timeout.
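Why the timeout has to be absolute, as an added example that is not part of the original thread and is not Apigee configuration: a slow POST body keeps arriving a few bytes at a time, so a per-read idle timeout never fires, while a deadline on the whole body does. The `read_body` and `simulate` names, the timeout values and the constructed client are assumptions made for this generic Python sketch.

```python
import socket
import threading
import time

class BodyTimeout(Exception):
    """Raised when a request body is not fully received in time."""

def read_body(conn, content_length, idle_timeout, absolute_timeout):
    """Read content_length bytes; cap both the gap between reads and the total time."""
    deadline = time.monotonic() + absolute_timeout
    body = bytearray()
    while len(body) < content_length:
        remaining = deadline - time.monotonic()
        if remaining <= 0:  # total time used up, however steadily bytes trickle in
            raise BodyTimeout("absolute deadline exceeded after %d bytes" % len(body))
        conn.settimeout(min(idle_timeout, remaining))
        try:
            chunk = conn.recv(min(4096, content_length - len(body)))
        except socket.timeout:
            kind = "absolute deadline" if time.monotonic() >= deadline else "idle timeout"
            raise BodyTimeout("%s exceeded after %d bytes" % (kind, len(body)))
        if not chunk:
            raise BodyTimeout("peer closed after %d bytes" % len(body))
        body += chunk
    return bytes(body)

def simulate(total, chunk, delay, idle_timeout, absolute_timeout):
    """Constructed client: sends `total` bytes, `chunk` bytes every `delay` seconds."""
    server, client = socket.socketpair()
    def sender():
        try:
            for _ in range(0, total, chunk):
                client.sendall(b"a" * chunk)
                time.sleep(delay)
        except OSError:
            pass  # the server side gave up and closed the connection
        finally:
            client.close()
    threading.Thread(target=sender, daemon=True).start()
    try:
        return "ok: %d bytes" % len(read_body(server, total, idle_timeout, absolute_timeout))
    except BodyTimeout as exc:
        return "rejected: %s" % exc
    finally:
        server.close()

if __name__ == "__main__":
    print(simulate(100, 100, 0.0, idle_timeout=0.3, absolute_timeout=0.6))  # normal client
    print(simulate(100, 1, 0.05, idle_timeout=0.3, absolute_timeout=0.6))   # slow body
```

With the absolute limit raised far above the idle limit, the same one-byte-at-a-time client is accepted, which is the gap an idle timeout alone leaves open.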

IMO one way Slow Post Attacks can be done is by using CRLF tags (injection) in headers. So to avoid it, a simple way is to sanitize the CRLF characters before passing them into the header, or to encode the HTTP header data, which will prevent the CRLF sequences from entering the header.

Within Apigee, use the Javascript/Assign Message policy to overwrite the header values.

Have a look at this post,

https://community.apigee.com/articles/19487/api-vulnerabilites-and-their-mitigation-in-apigee.html

Hi @Siddharth Barahalikar,

Thank you for your response and the link. It's really good and helpful. I'll review and see if there are more questions.

How can we set an absolute connection timeout in the Apigee proxy endpoint?