Multiple get requests to a specific resource which need resources to generate the response might lead to a DoS/DDoS condition.
HTTP POST DDoS
Client tells the web server how large the
message body is,say, “Content-Length = 800” but is sent with huge
latency say 1 byte per 100 seconds.
Attacker ---- Reverse Proxy ---- Original Server
Reverse Proxy serves the resources hiding original Web Server
Monitoring Header, request patterns
Malware/Bots/Scripts have a specific request patterns unlike human.
Invalid User-Agents, same packet size, dynamic referrers
Detection of rotating IP Addresses, User-Agent's, Referrers
Apache Mitigation mechanisms
Akamai provides a real-time mapping info