18 January 2015, 15:39

Version 9.11 of the Hiawatha webserver has been released. This release brings the ChallengeClient option, which gives Hiawatha the ability to reduce the effects of a DDoS attack. This is done by checking if the client has a certain cookie set. If this is not the case for the first request within a connection, Hiawatha sends a 307 and this cookie (via a Set-Cookie HTTP header or a Javascript) back to the client. If the second request within a connection doesn't has this cookie, the client is banned. The idea is that normal browsers understand the 307 and the HTTP Set-Cookie header or the Javascript, but HTTP bots don't.

Please note that this although this option works from a technical point of view, it should be used with great care. Proper testing is strongly advised. Also note that this option should only be used when options like ConnectionsPerIP, ReconnectDelay and BanOnFlooding are insufficient.

Many thanks to Andrey Vasilev and Chris Wadge for all the testing and feedback.

Chris Wadge
19 January 2015, 11:43
Likewise, thanks for the hard work implementing this interesting new feature, Hugo.

As usual, files.tuxhelp.org [files.tuxhelp.org] has the latest Debian builds available, and both the US [mirror.tuxhelp.org] and EU [apt.sparkz.no] mirrors are synced as well.

19 January 2015, 19:50
Chris Wadge
19 January 2015, 22:33
Hiawatha 9.11-1 Debian packages released to patch for CVE-2015-1182.
Leo Unglaub
19 January 2015, 22:36
Thanks for the update, i updated the Crux-Linux ports.
24 January 2015, 11:44
For the Raspbian Users CVE-2015-1182: https://files.intermezzo.net/hiawatha_raspi/
30 January 2015, 18:38
Thanks Hugo,

excellent work, does a incredible job on my linux machines.
But unfortunately FreeBSD still hangs in version 9.8
Can you maybe take on any influence and help out a little bit?

Thanks in advance.
Chris Petrik Maintainer of www/hiawatha
30 January 2015, 19:20
There seems to be an error in the way libs are found in either cmake or FreeBSD preventing me to update to 9.11. Once I get time again I will try and fix this issue again. Porting is volunteer work and it gets done as time permits.
Chris Petrik Maintainer of www/hiawatha
30 January 2015, 19:38
FreeBSD PR submited for update to 9.11

30 January 2015, 22:58
Danke Chris. Wir bedanken uns für Ihre Bemühungen.
30 January 2015, 22:59
Thank you Chris. We appreciate your efforts.