What are HTTP flood attacks?

HTTP flood attacks refer to the type of distributed denial-of-service (DDOS) attack targeting websites and online services on the application layer. In this attack, a lot of HTTP GET or POST requests are directed to the targeted server overwhelming the server's capacity to process and respond to requests.

This type of attack uses bots and network of malicious devices to launch the attack, hence flooding the website with traffic and making it inaccessible. Since HTTP flood attacks can look like normal user activity, they are often hard to detect. To handle this, organizations rely on advanced threat protection methods like behaviour monitoring, traffic filtering, and anomaly detection block suspicious activity.

Different types of DDOS attacks

HTTP GET attacks: In HTTP GET attacks, the attacker targets to receive a huge amount of data using GET requests from the server. These requests can be an attempt to download large files such as images or scripts from the web server by launching a coordinated HTTP flood attack. As a consequence, the web server admins of the victim become so busy handling the attacker requests that they cannot process requests from legitimate users.

HTTP POST attacks: In HTTP POST attacks, the attacker sends a large amount of data and large amount of post requests mimicking legitimate requests from legitimate users. This type of post request can strain the server and memory resources, causing delayed responses or service disruptions.