Slowloris is a type of denial of service attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. It is the prototypical slow DoS attack tool.

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to, but never completing, the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.

The program was named after slow lorises, a group of primates which are known for their slow movement.

This includes but is not necessarily limited to the following, per the attack's author:

The following are disputed (not affected according to author but affected according to PowerWAF):

Because Slowloris exploits problems handling thousands of connections, the attack has less of an effect on servers that handle large numbers of connections well. Proxying servers and caching accelerators such as Varnish, nginx, and Squid have been recommended to mitigate this particular kind of attack. In addition, certain servers are more resilient to the attack by way of their design, including Hiawatha, IIS, lighttpd, Cherokee, and Cisco CSS.

slowloris.pl (the original version) offers the following options:

PowerWAF claims that there is a variant attack on the SSL/TLS handshake process. The following are allegedly affected: