+3 votes
184 views
in Security by (242k points)
reopened
What is HTTP flood?

1 Answer

+4 votes
by (1.6m points)
edited
 
Best answer

What is an HTTP flood attack?
How can you prevent the attack?
How to protect yourself?

What is HTTP flood?

An HTTP flood is a type of DDoS (distributed denial of service) attack. In these cases, the attacker's goal is to saturate the application or website with a large number of visits from different locations. HTTP flood attacks are also known as layer 7 attacks, which refers to the so-called application layer in the OSI model. This model states that the Internet consists of seven layers.

The goal of Layer 7 attacks is always to starve the network or server of resources. When the hardware is under-resourced, the client takes longer to respond to requests. During an HTTP flood, as the attacker sends a large number of requests to the hardware without pausing, the system becomes overloaded, preventing access to the server and the network.

In this way, by means of an HTTP flood attack, the intention is to disable the server by making completely normal requests. How can we avoid this vulnerability of the HTTP protocol?

What is an HTTP flood attack?

HTTP flood attacks are based on the client's GET or POST requests. The client, that is, the browser that wants to access the website, sends one of these requests. The server processes it and, in turn, sends the response back to the client.

GET requests retrieve static content, such as images or blocks of text. Instead, POST requests are used to access dynamic resources. In other words, the GET method receives data from the server, while the POST method sends data to the server. Both can be used to carry out this type of attack, although the POST method is used more frequently, because it requires complex processing by the server.

During an HTTP flood attack, many of these requests are made simultaneously and over a long period of time. Typically, a botnet is used to increase the number of requests. The HTTP flood attack is designed in such a way that the server dedicates the largest possible volume of resources to each request. In a normal situation, this is desirable, because the server does not receive thousands or hundreds of thousands of requests per minute, as in this case. Thus, in this case, the attacker only has to wait for the server to overflow, with the consequent crash of the application or website.

During the attack, thousands of bots send several requests per second, managing to disable the server or the network.

How can you prevent the attack?

Sometimes pages generate a lot of traffic on a temporary basis, making it difficult to detect if visits are increasing due to an attack or simply for the purposes of a good marketing campaign. If you do discover that it is an HTTP flood attack, firewalls can identify and block suspicious IP addresses.

In this situation, the first step is to send the so-called JavaScript Computational Challenge to the client, a method that allows detecting whether it is part of a botnet or a normal user. Any browser of a normal website visitor will be able to pass this test, unlike bots.

If you know the attacker's procedure, you can put a few simple rules in the firewall to automatically block the IP addresses of the botnet. An HTTP flood can generally be detected and stopped within minutes, provided it has been identified as the cause of the system crash.

How to protect yourself?

It is very difficult to protect yourself from an HTTP flood, because the attacker's requests can look like normal website traffic. In this type of attack, malware is not sent to the server nor is it intended to exploit security breaches, but rather saturates the server with legitimate requests. As these require much less bandwidth than any intrusion into the page code, this type of attack can go unnoticed at first.

To protect themselves, most websites resort to the Captcha test, which can only be passed by a human user. In this way, it is possible to find out if the request comes from a botnet and consequently block the corresponding IP addresses. There are also application and website firewalls that check and analyze traffic. These systems can slow down the page a bit, but they guarantee its protection and stability. If the page itself requires processing a large amount of data, it is a good idea to display a loading page while the main page loads in the background.

Note

HTTP flood is just one of several types of DDoS attacks, including ping flood, SYN flood, UDP flood, and ping of death. In all of them, the goal is to disable the web servers.
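
The firewall-side step described in the answer, identifying suspicious IP addresses by request volume, shown as an added example that is not part of the original answer. The window length, the per-method cost weights (POST counted higher because the answer notes it costs the server more) and the limit are assumed values, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: ip - - [timestamp] "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# Assumed tuning values (not from the page); POST weighs more than GET.
METHOD_COST = {"GET": 1, "POST": 3}
WINDOW_SECONDS = 10
COST_LIMIT = 30


def find_flood_sources(lines, window=WINDOW_SECONDS, limit=COST_LIMIT):
    """Return client IPs whose weighted request cost inside any sliding
    window of `window` seconds exceeds `limit` (per-IP lines in time order)."""
    recent = defaultdict(deque)   # ip -> deque of (epoch_seconds, cost)
    running = defaultdict(int)    # ip -> cost currently inside the window
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines and other methods
        ip, ts, method, _path = m.groups()
        t = datetime.strptime(ts, TS_FORMAT).timestamp()
        q = recent[ip]
        q.append((t, METHOD_COST[method]))
        running[ip] += METHOD_COST[method]
        while q[0][0] <= t - window:      # drop entries older than the window
            running[ip] -= q.popleft()[1]
        if running[ip] > limit:
            flagged.add(ip)
    return flagged


def make_sample_log():
    """Constructed sample: one normal visitor, one client sending 4 POSTs per second."""
    lines = []
    for s in range(0, 20, 5):  # 198.51.100.7: one GET every 5 s
        lines.append(f'198.51.100.7 - - [01/Jan/2024:12:00:{s:02d} +0000] "GET /index.html HTTP/1.1" 200 512')
    for s in range(5):         # 203.0.113.9: four POSTs per second for 5 s
        for _ in range(4):
            lines.append(f'203.0.113.9 - - [01/Jan/2024:12:00:{s:02d} +0000] "POST /search HTTP/1.1" 200 128')
    return lines


if __name__ == "__main__":
    print(sorted(find_flood_sources(make_sample_log())))
```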

