🛡️ Free practice test question from: Load Balancer (Security+)

Slowloris attacks work by sending partial HTTP requests to a web server and keeping the connections open as long as possible, eventually exhausting the server's resources. (https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/)

B) Reverse proxy with connection limiting and timeouts is the most effective solution. A reverse proxy sits in front of the web servers and acts as an intermediary. By implementing connection limits, the reverse proxy can restrict the number of concurrent connections from a single IP address, preventing a single attacker from monopolizing server resources. Timeout configurations ensure that connections that remain idle for too long are closed, mitigating the core mechanism of Slowloris. Configuring short timeouts on the web servers themselves further reinforces this defense.

A) Transparent forward proxy is less effective. While caching and IP reputation filtering can help with some threats, they don't directly address the core issue of Slowloris, which is the persistence of incomplete connections. Clients also mostly use a transparent proxy to access external resources, not to protect internal servers. (https://www.fortinet.com/resources/cyberglossary/transparent-proxy)

C) Forward proxy on each client is impractical and inefficient. It would require significant administrative overhead to manage and configure proxies on every client machine. Moreover, it wouldn't protect the web servers directly from externally initiated Slowloris attacks.

D) NAT gateway provides network address translation, but it doesn't offer any specific protection against Slowloris attacks. It simply hides the internal IP addresses of the servers.