HTTP Slow Post and IIS settings to prevent

Question

So we got this report from a Security Company saying our MVC website running on IIS 8.0 was vulnerable to slow HTTP post DoS attack. The report stated we should

• Limit request attributes is through the <RequestLimits> element, specifically the maxAllowedContentLength, maxQueryString, and maxUrl attributes.
• Set <headerLimits> to configure the type and size of header your web server will accept.
• Tune the connectionTimeout,
  headerWaitTimeout, and minBytesPerSecond attributes of the <limits>
  and <WebLimits> elements to minimize the impact of slow HTTP attacks.

The trouble is I'm having a hard time finding any recommendations on how these values should be set. Eg. the minBytesPerSecond is default 240, but what should it be to prevent SlowHTTPPost attacks?

Cheers Jens

Answer 1

So, ended up following this guy's recommendations:

http://cagdasulucan.blogspot.se/2013/02/iis-recommendations-against-slow-http.html