HTTP Flood


HTTP Flood is a type of Distributed Denial of Service attack method used by hackers to attack web servers and applications. HTTP floods work by directing large amounts of HTTP requests at a web page in order to overload target servers with requests.

In an HTTP flood, the HTTP clients such as web browser interact with an application or server to send HTTP requests. The request can be either “GET” or “POST”. The aim of the attack is to compel the server to allocate as many resources as possible to serving the attack, thus denying legitimate users access to the server's resources. Such requests are often sent en masse by means of a botnet , increasing the attack's overall power.

These DDoS attacks may be one of the most advanced non-vulnerability threats facing web servers today. It is very hard for network security devices to distinguish between legitimate HTTP traffic and malicious HTTP traffic, and if not handled correctly, it could cause a high number of false-positive detections. Rate-based detection engines are also not successful at detecting these types of attacks, as the traffic volume of HTTP floods may be under detection thresholds. Because of this, it is necessary to use several parameters detection including rate-based and rate-invariant.

The vast majority of internet traffic nowadays is encrypted, most HTTP flood attacks today are, in fact, HTTPS floods. Not only are encrypted floods much more potent because of the high amount of server resources required to handle them), but they also add a layer of complexity to mitigating such attacks, since DDoS defenses usually cannot inspect the contents of the HTTPS requests without fully decrypting all traffic.

Research
Quarterly DDoS And Application Attack Report: Q3, 2021

Quarterly DDoS And Application Attack Report: Q3, 2021

Radware’s Quarterly DDoS and Application Attack Report provides an overview of attack activity witnessed during the third quarter of the 2021 calendar year.

Read more

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center