I recently received a Qualsys report which listed - SLOW HTTP POST as a vulnerability with my application.
I have checked the various countermeasures, and configuring - MinBytesPerSecond, in the <webLimits> section of applicationhost.config, has been suggested. However, setting this field, does not seem to have any effect. The documentation of this setting states :
"Specifies the minimum throughput rate, in bytes, that HTTP.sys enforces when it sends aresponse to the client."
Does this mean the setting only applies to responses and not to requests? If so, how can one implement any minimum speed on a Slow HTTP POST Request?