Active rule currently published.
Atomicorp.com WAF Rules: Client Connection dropped by Apache due to slow connection, possible Slowaris attack
This rule detects when apache has generated a 408 error, and has dropped the connection. The rule does not block anything (because apache has already taken action), it just reports when this occurs.
Disabling this rule has no effect on apache dropping the connection.
No false positive with this rule can occur. The rule just detects 408 errors from apache.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
If you are using a module like apaches modreqtimeout to detect slow connections, it may be possible your configuration needs to be adjusted to allow slower connections. This module, and others like it generate 408 errors when they detect slow connections. "Slowness" is determined by your configuration. The modsecurity rules does not detect slowness, it just reports the 408 error apache generates.
Similar Rules None.
Knowledge Base Articles