What is an HTTP Flooding Attack?
An HTTP flood attack utilizes what appear to be legitimate HTTP GET or POST requests to attack a web server or application. These flooding attacks often rely on a botnet, which is a group of Internet-connected computers that have been maliciously appropriated through the use of malware such as a Trojan Horse.
What Are the Signs of an HTTP Flooding Attack?
These types of DDoS attacks are designed to cause the targeted server or application to allocate the most resources possible in direct response to each request. In this way, the attacker hopes to overwhelm the server or application, “flooding” it with as many process-intensive requests as possible.
HTTP POSTs are often used because they involve complex server-side processing, while HTTP GET attacks are easier to create, thus lending themselves to botnet attacks which rely on scale to achieve the desired disruption.
Why Are HTTP Flooding Attacks Dangerous?
Because they use standard URL requests, HTTP flooding attacks are nearly indistinguishable from valid traffic. Because they don’t rely on malformed packets, spoofing or reflection techniques, they are difficult to detect. And since they require lower bandwidth than brute force attacks, they can often “fly under the radar” while bringing down a targeted site or server.
HTTP flooding attacks are specifically designed for the particular target they are aimed at, making them much harder to uncover and block.
How to Mitigate and Prevent an HTTP Flooding Attack
Additional means of preventing an HTTP flooding attack include a web application firewall (WAF), as well as constant monitoring by threat engineers.