We were made aware of a potential Slowloris attack vulnerability for our Netlify site. Slowloris is a denial-of-service attack program which allows an attacker to overwhelm a targeted server by opening and maintaining many simultaneous HTTP connections between the attacker and the target. Is there anything we can do to prevent this?
That is a private repo that cannot be cloned without access. Also, the steps above do not include instructions to point that software at a Netlify site. Finally, you are not permitted to be doing security testing at Netlify unless you have an Enterprise team or you are using the HackerOne reporting program. Neither of those is true from what I can see here.
That all said, if you have a real world example of this being used against Netlify, please provide that information and we’ll take a look.
For some further context, this was reported to my team from our own bug bounty program by a whitehat hacker. It was reported on July 11, when you can see a spike in page views despite no substantial increase in the number of users. I believe this was a demonstration by the whitehat of the vulnerability. In general, is there any rate limiting we can implement for our Netlify site?
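Added example, not part of this thread and not Netlify's code: the two server-side controls that blunt the behaviour described in the first post (many connections held open with never-completed request headers) and that the last post asks about, a header-read deadline and a per-client concurrent-connection cap, as connection-tracking logic you can drive from simulated events. The threshold values are assumptions for illustration.

```python
"""Slowloris mitigation logic: header-read deadline plus per-client connection cap."""
from dataclasses import dataclass, field

HEADER_DEADLINE_S = 10.0    # assumed: seconds a client gets to finish sending headers
MAX_CONNS_PER_CLIENT = 20   # assumed: concurrent connections tolerated per client address


@dataclass
class Conn:
    client: str
    opened_at: float
    buf: bytes = b""

    @property
    def headers_complete(self) -> bool:
        # HTTP/1.x request headers end at the first blank line
        return b"\r\n\r\n" in self.buf


class SlowlorisGuard:
    def __init__(self, deadline=HEADER_DEADLINE_S, max_per_client=MAX_CONNS_PER_CLIENT):
        self.deadline = deadline
        self.max_per_client = max_per_client
        self.conns: dict[int, Conn] = {}
        self._next_id = 0

    def open_conn(self, client: str, now: float):
        """Accept a connection and return its id, or None if the client holds too many."""
        active = sum(1 for c in self.conns.values() if c.client == client)
        if active >= self.max_per_client:
            return None
        cid = self._next_id
        self._next_id += 1
        self.conns[cid] = Conn(client, now)
        return cid

    def on_bytes(self, cid: int, data: bytes) -> None:
        """Append request bytes received on a connection."""
        self.conns[cid].buf += data

    def reap(self, now: float) -> list:
        """Close and return ids of connections whose headers are still incomplete
        after the deadline; a legitimate client finishes headers well within it."""
        stale = [cid for cid, c in self.conns.items()
                 if not c.headers_complete and now - c.opened_at > self.deadline]
        for cid in stale:
            del self.conns[cid]
        return stale
```

Each reaped id is a connection an attacker was holding open with a partial request, so those are the events worth counting in your logs when deciding whether a rate limit is needed.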