There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most well known attacks are the good old SYN-flood, followed by the Layer 3/4 UDP and DNS amplification attacks.

Today though, we’re going to spend a little time looking at Layer 7, or what we call an HTTP Flood Attack.

An HTTP flood attack is a type of Layer 7 application attack that utilizes the standard valid GET/POST requests used to fetch information, as in typical URL data retrievals (images, information, etc.) during SSL sessions. An HTTP GET/POST flood is a volumetric attack that does not use malformed packets, spoofing or reflection techniques. – DDoSAttacks.biz

If you’re wondering, yes, we deal with these every day, and we protect our client websites via our Website Firewall.

Today I’m going to share with you some details on a rather large DDoS attack that leveraged the following HTTP request flood attack to wreak havoc on a clients website. I’ll also share the steps we took to mitigate the issue.

Layer 7 DDoS – HTTP Flood Attacks

The first thing to understand about Layer 7 attacks is that they require more understanding about the website and how it operates. The attacker has to do some homework and create a specially crafted attack to achieve their goal. Because of this, these types of DDoS attacks require less bandwidth to take the site down and are harder to detect and block.

Layer 7 DDoS – Part 1: Random URLs

This specific client came to us after his site was down for almost a week. They tried other services to protect their website with not much luck. As soon as he switched his DNS to us, we gained a much deeper appreciation and started to see why.

He was getting thousands of requests like these every second:

Source: https://blog.sucuri.net/2014/02/layer-7-ddos-blocking-http-flood-attacks.html

Uhm, my post might be off topic...

I tried assessing the download link of your php browser app, all I get is an error...

I would love to access it though in order to run php scripts... Another thing is, can I use it as an alternative to Wamp server...??

Finally, I get an error while installing composer on my system... It says, Openssl extension missing... I've googled the methods and tried uncommenting

;extension=openssl.DLL stuff in php.INI and still, it doesn't work..

Am a newbie to Laravel and composer is a must for the Installation... I use Uwamp web server for local host... That's why I asked whether I can use your phpbrowser app...

The new phpbrowserbox is as powerful as wamp server any day.
The reason you are unable to access it is because sourceforge is down at the moment because of this - https://www.nairaland.com/3223654/sourceforge.net-down-only-homepage-working

Let us see what happens first before deciding on the next source of action - i might publish it elsewhere - but the sourceforge link is very popular in google search.

i think the primary way of safe guarding against http flood is by restricting unauthenticated users to limited resources, and less db call

some bots will authenticate with cookies too. it is not that simple.

dhtml18:
The new phpbrowserbox is as powerful as wamp server any day.
The reason you are unable to access it is because sourceforge is down at the moment because of this - https://www.nairaland.com/3223654/sourceforge.net-down-only-homepage-working

Let us see what happens first before deciding on the next source of action - i might publish it elsewhere - but the sourceforge link is very popular in google search.

Okay Bro.. .

Can you give me a solution to the composer aspect.. Sorry I am derailing your thread...

Download the latest phpbrowserbox from here - https://l.?u=https%3A%2F%2Fgithub.com%2Fdhtml%2Fphpbrowserbox%2Freleases%2Fdownload%2F4.0%2Fphpbrowserbox.rar&h=JAQFu1xix

dhtml18:
Download the latest phpbrowserbox from here - https://l.?u=https%3A%2F%2Fgithub.com%2Fdhtml%2Fphpbrowserbox%2Freleases%2Fdownload%2F4.0%2Fphpbrowserbox.rar&h=JAQFu1xix

Link is not working bro.. Tried both on mobile and PC... Seems the link's expired..

Sorry for the expired link, the original link is back online - https://sourceforge.net/projects/phpbrowserbox/