plugins - How to deal with Slow HTTP POST (slowloris) vulnerability

I'm using WordPress Version 5.2.2

I've been asked to implement changes highlighted as required by a security scan. The problem is that I have little access (none, in fact, I think) to the web server configuration, which makes some changes difficult.

Is it possible for me to deal with Slow HTTP POST vulnerabilities in WordPress (https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-http-attacks) without changing the server configuration?

asked Sep 4, 2019 at 8:31 by greebstreebling; edited Sep 4, 2019 at 9:43 by Tom J Nowell
  • 1 Can you provide a link defining what "Slow HTTP POST vulnerabilities" are? My intuition says that no, you can't deal with it at the PHP level but I'd like to know exactly what it is before I confirm. – Ted Stresen-Reuter Commented Sep 4, 2019 at 8:35
  • Thank you, I've updated the post with a link – greebstreebling Commented Sep 4, 2019 at 8:43

1 Answer

No, there is nothing you can do if you are unable to modify the HTTP server behavior. The reason is that the HTTP server receives and processes the initial request and then hands it off to PHP. PHP then processes the request and hands the response back to the HTTP server, which then sends it back to the client.

PHP does have a built-in HTTP server, but it is HIGHLY unlikely that Kinsta is using it. It does not appear to offer any kind of configuration and, moreover, is not recommended for production or even public use. See https://www.php.net/manual/en/features.commandline.webserver.php for details.
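The request flow described in the answer, as an added example that is not part of the original post and not any real web server's code: a minimal Python stand-in for the HTTP server layer, which reads the whole request under its own time limits and only then calls the application. The names `serve_one`, `recv_until`, `app_handler`, `demo`, the timeout values and the sample requests are assumptions made for this illustration.

```python
import re
import socket
import time

handled = []  # body sizes that reached the application layer
def app_handler(body):  # stand-in for PHP/WordPress: only sees complete bodies
    handled.append(len(body))
    return b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n"

def recv_until(conn, buf, done, deadline, idle_timeout):
    # idle_timeout bounds the silence between reads; deadline bounds the whole
    # request, so a client trickling one byte at a time is cut off as well.
    while not done(buf):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("request deadline exceeded")
        conn.settimeout(min(idle_timeout, remaining))
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("client closed before the request was complete")
        buf += chunk
    return buf

def serve_one(conn, request_deadline=1.0, idle_timeout=0.3):
    """Read one request under server-side limits; return the status code."""
    deadline = time.monotonic() + request_deadline
    try:
        buf = recv_until(conn, b"", lambda b: b"\r\n\r\n" in b, deadline, idle_timeout)
        head, _, body = buf.partition(b"\r\n\r\n")
        m = re.search(rb"(?im)^content-length:[ \t]*(\d+)[ \t]*\r?$", head)
        length = int(m.group(1)) if m else 0  # simplified header parsing
        body = recv_until(conn, body, lambda b: len(b) >= length, deadline, idle_timeout)
    except (socket.timeout, TimeoutError):
        conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n\r\n")
        return 408  # the application layer never ran for this connection
    except ConnectionError:
        return 400
    conn.sendall(app_handler(body[:length]))
    return 200

# Constructed sample requests: one complete, one whose body stops after 1 of 5 bytes.
COMPLETE = b"POST /wp-comments-post.php HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
STALLED = COMPLETE[:-4]

def demo(payload):  # constructed client: writes once, then stays silent
    server, client = socket.socketpair()
    with server, client:
        client.sendall(payload)
        return serve_one(server)
```

For the stalled request the connection is closed with a 408 by the server layer and `handled` stays unchanged, which is why the limit cannot be enforced from plugin or theme code.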
