Wednesday, July 16, 2014

HTTP DDoS Mitigations

Multiple get requests to a specific resource which need resources to generate the response might lead to a DoS/DDoS condition.

HTTP POST DDoS
Client tells the web server how large the message body is,say, “Content-Length = 800” but is sent with huge latency say 1 byte per 100 seconds.

Load balancers
Reverse Proxies
Attacker ---- Reverse Proxy ---- Original Server
Reverse Proxy serves the resources hiding original Web Server
Delayed binding
TCP slicing
Monitoring Header, request patterns
Malware/Bots/Scripts have a specific request patterns unlike human.
Cookies
Captchas
Invalid User-Agents, same packet size, dynamic referrers
Detection of rotating IP Addresses, User-Agent's, Referrers


Apache Mitigation mechanisms
mod_reqtimeout
LimitRequestBody directive
mod_antiloris

Akamai provides a real-time mapping info
http://www.akamai.com/html/technology/dataviz1.html