Chris Wadge has used the slowhttptest tool to see how well several (untuned) webservers are handling the slowloris attack. The results are quite interesting. I'll let them speak for themselves.

Test parameters Test type SLOW HEADERS Number of connections 4096 Verb GET Content-Length header value 4096 Extra data max length 52 Interval between follow up data 10 seconds Connections per seconds 128 Timeout for probe connection 3 Target test duration 240 seconds Using proxy no proxy

It's all about the green line and the required time to deal with the bad requests. It shows that Hiawatha stays available for other clients while under attack from one and deals with the attack more quickly than the other webservers. In other words, if you want sleep well at night knowing that your websites are online even while under attack, go for Hiawatha!

Cherokee crash

The Cherokee webserver was also tested. But because it crashed out of the box during the test, it didn't meet the tester's 'untuned' criteria, which was used for all of the other webservers featured.