HTTP flood attacks are based on the client's GET or POST requests . The client, that is, the browser that wants to access the website, sends one of these requests. The server processes it and, in turn, sends the response back to the client..
GET requests retrieve static content, such as images or blocks of text. Instead, POST requests are used to access dynamic resources. In other words, the GET method receives data from the server, while the POST method sends data to the server. Both can be used to carry out this type of attack, although the POST method is used more frequently, because it requires complex processing by the server .
During an HTTP flood attack , many of these requests are made simultaneously and over a long period of time. Typically, a botnet is used to increase the number of requests. The HTTP flood attack is designed in such a way that the server dedicates the largest possible volume of resources to each request. In a normal situation, this is desirable, because the server does not receive thousands or hundreds of thousands of requests per minute, as in this case. Thus, in this case, the attacker only has to wait for the server to overflow, with the consequent crash of the application or website..