Skip to content
Sergey Shekyan edited this page May 3, 2016 · 5 revisions


Moved here from Google Code.

Application Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant memory and CPU usage on the server.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.

Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging the request, it sends legitimate HTTP request and reads the response slowly.

Installation and usage examples

How I knocked down 30 servers using slowhttptest

Slow Read DoS attack explained

Test results of popular HTTP servers

How to protect against slow HTTP DoS attacks

Many thanks to Tigran Gevorgyan and Victor Agababov for tons of help and support. The logo is from

Some links to the media coverage, for historical purposes:

ArsTechnica The Verge TechWorld DarkReading

25 November 2013

SlowHTTPTest version1.6 is out. Thanks to Comcast for not having Internet for two days, managed to do a lot of things. This release includes all the small bug fixes that were sitting in SVN for over a year, usability improvements and better reporting. Check it out and leave some feedback! Blog post with changes and hints

7 September 2012

Released version 1.5 with improved CPU utilization, some bug fixes, and proxy support, which means you can direct either probe or entire traffic through a specified web proxy.

28 January 2012

Released version 1.4 with poll() support, which means slowhttptest is not limited to 1024 connections anymore. Added man page, fixed several bugs, including build issues on FreeBSD and cygwin.

28 December 2011

Released version 1.3 with Slow Read Denial of Service attack support.

Check out the video with demonstration of the attack:

26 September 2011

Released version 1.2. The major new feature is the indicator of HTTP server's availability. Instead of refreshing the page in the browser to figure out if the web server is down, let slowhttptest to request the target web page every second and track the status in log messages and statistics files. Installation and usage examples page is updated with detailed description of how probe connection should be configured and used.

Charts now show intervals when server was not available:

27 August 2011

Released version 1.1 that includes test mode for Apache Range header handling DoS vulnerability test

24 August 2011

First version of slowhttptest is released.