An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

Security Research Center

HTTP Challenge

An HTTP challenge is a method used to automatically mitigate HTTP-based DDoS attacks. The challenge is designed so that legitimate users pass it and attackers fail it.

One typical challenge is to answer an incoming HTTP request with a 302 Redirect message. A typical user with a web browser will pass that challenge, while an attacker that does not implement a full HTTP stack will ignore the redirect and send the original request again. A more complicated challenge is to add a cookie: now the client also has to store and resend this cookie.
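The redirect-plus-cookie challenge described above, sketched from the defending server's side as an added example (not Radware's code and not part of the original page). The HMAC-signed token bound to the client IP, the cookie name `chal`, the secret and the 300-second lifetime are assumptions made for illustration; the client address is a constructed sample.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: random per-deployment secret
COOKIE = "chal"                   # hypothetical cookie name
TTL = 300                         # assumption: token lifetime in seconds


def _mac(client_ip, expires):
    msg = f"{client_ip}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def token_valid(token, client_ip, now):
    expires_s, _, mac = token.partition(".")
    try:
        expires = int(expires_s)
    except ValueError:
        return False
    if expires < now:
        return False
    return hmac.compare_digest(mac.encode(), _mac(client_ip, expires).encode())


def handle(path, client_ip, cookies, now):
    """Return (status, headers); 200 means 'forward to the origin server'."""
    if token_valid(cookies.get(COOKIE, ""), client_ip, now):
        return 200, {}
    expires = now + TTL
    token = f"{expires}.{_mac(client_ip, expires)}"
    # Redirect back to the same path; collapse leading slashes so that
    # "//host/..." cannot turn the challenge into an off-site redirect.
    return 302, {
        "Location": "/" + path.lstrip("/"),
        "Set-Cookie": f"{COOKIE}={token}; Max-Age={TTL}; HttpOnly; Path=/",
    }


def simulate(full_http_client, requests=3, now=1_700_000_000):
    """Statuses seen by a client that does / does not follow the challenge."""
    jar, seen = {}, []
    for _ in range(requests):
        status, headers = handle("/index.html", "203.0.113.7", jar, now)
        seen.append(status)
        if status == 302 and full_http_client:
            # Browser behaviour: store the cookie, then re-request with it.
            name, _, rest = headers["Set-Cookie"].partition("=")
            jar[name] = rest.split(";", 1)[0]
    return seen
```

A client that stores the cookie and follows the redirect reaches the origin on its second request, while one that simply resends the original request is answered with a 302 every time and never reaches the origin.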


  • This protection is considered very accurate, predictable and effective.


  • A Web challenge also blocks legitimate bots, such as web crawlers, which the site does not wish to block. This is because they too do not necessarily use a real browser or implement a full HTTP stack. Nevertheless, many organizations will be willing to pay this price when under attack.
  • More sophisticated attack tools and bots can invest in passing the challenge, or even use real web browsers to do so. This, however, requires the attacker to invest resources on his side and in most cases will decrease the attack capacity.
