IBM Support

How can I protect IBM Security Access Manager against the Slow HTTP Attack?

Troubleshooting


Problem

I'm concerned about my IBM Security Access Manager (ISAM) being vulnerable to the slow HTTP attack mentioned in the article below.

How to Protect Against Slow HTTP Attacks https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-http-attacks

I notice the article mentions web servers specifically but I'm concerned the same issue is present in ISAM.


Symptom

The vulnerability exploits the wait time and seems to mimic a slow internet connection from the client side. IBM Security Access Manager server offers some settings that can help mitigate against this.

Document Location

Worldwide


[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

More support for:
IBM Security Access Manager

Software version:
All Versions

Document number:
967495

Modified date:
04 September 2019

UID

ibm10967495

Manage My Notification Subscriptions