Protect Your Site from HTTP Flood Attacks with WAF

This article explains how to use WAF and its protection rules to protect your site from HTTP flood attacks.

During HTTP flood attacks, the request rate of a single zombie server is typically far higher than that of a normal user. The most effective way to defend against this type of attack is to restrict the request rate of the source IP.

You can create custom HTTP flood protection rules to implement restrictions on the request rate.

Note the following points when you use HTTP flood protection:

  1. The Human-machine Identification blocking type can verify whether requests are sent from Web browsers or automation scripts. You can use this blocking type to protect Web and HTML5 applications, but not native apps or API services. To protect native apps and API services, set the blocking type to block.
  2. For APIs or IP addresses that may be mistakenly blocked by HTTP flood protection, you can use HTTP ACL Policy to whitelist these source IPs.
  3. Do not enable the emergency mode for native apps or API services.

We recommend that you use Anti-Bot Service for more targeted protection and flexible handling methods.

For example, blocking IP addresses may affect NAT. Anti-Bot Service allows you to use cookies or request parameters to calculate the request rate. You can also use slider captcha to verify the identity of the requester.

If your website targets Chinese users and a large portion of HTTP flood attacks originates from international regions, data centers, and public clouds, you can use the Blocked Regions feature in WAF to block requests from international regions and mitigate the attack.

Malicious requests in HTTP flood attacks are arbitrarily constructed and contain abnormal or unusual packets compared with normal requests. To handle these requests, you can analyze their features and add HTTP ACL policies to block the malicious requests.

For the detailed procedure, and for how to protect important APIs from abuse and prevent malicious scans, fake apps, and Web crawlers, see Best practices for HTTP flood protection.

Related Documentation

HTTP flood protection - Web Application Firewall

HTTP Flood protection helps you block HTTP flood attacks in different modes, including Normal and Emergency. After adding your website to the WAF protection list, you can enable HTTP Flood protection and select an appropriate protection mode for the website. Upon identifying an HTTP flood attack, WAF disconnects from the client to protect your origin. The Business and Enterprise editions support advanced HTTP flood protection.

This article gives the detailed procedure for configuring the HTTP flood protection mode.

Custom HTTP flood protection

The Business and Enterprise editions of Alibaba Cloud WAF support customizing HTTP flood protection rules to apply rate-based access control.

By applying custom protection rules in the console, you can restrict how frequently certain URLs on your server can be accessed. For example, you can define the following rule: when a single source IP address accesses www.yourdomain.com/login.html more than 20 times within 10 seconds, block this IP address for one hour.
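The rule above, and the earlier note that blocking by IP address can affect users behind NAT, can be seen side by side in the following added example. It is an illustration written for this page, not Alibaba Cloud's implementation; the `FloodRule` class, the `session` field (standing in for a cookie value), and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Thresholds from the example rule in the article: more than 20 requests
# in 10 seconds from one source blocks that source for one hour.
LIMIT, WINDOW_S, BLOCK_S = 20, 10, 3600

class FloodRule:
    """Sliding-window rate rule for one URL, keyed on any request field."""
    def __init__(self, path, key):
        self.path, self.key = path, key
        self.hits = defaultdict(deque)  # key value -> timestamps in window
        self.blocked_until = {}         # key value -> block expiry time

    def check(self, req):
        """Return 'pass' or 'block' for one request."""
        if req["path"] != self.path:
            return "pass"
        k, now = req[self.key], req["ts"]
        if self.blocked_until.get(k, 0) > now:
            return "block"              # still inside the one-hour block
        q = self.hits[k]
        q.append(now)
        while q and q[0] <= now - WINDOW_S:  # drop hits older than the window
            q.popleft()
        if len(q) > LIMIT:
            self.blocked_until[k] = now + BLOCK_S
            q.clear()
            return "block"
        return "pass"

def sample_traffic():
    """Constructed data: 25 users behind one NAT address, one flooding client."""
    reqs = [{"ts": i * 0.3, "ip": "203.0.113.10", "session": f"user-{i}",
             "path": "/login.html"} for i in range(25)]
    reqs += [{"ts": i * 0.1, "ip": "198.51.100.7", "session": "bot-1",
              "path": "/login.html"} for i in range(40)]
    return sorted(reqs, key=lambda r: r["ts"])

def blocked_sessions(key):
    """Replay the sample through a rule keyed on `key`; return blocked sessions."""
    rule = FloodRule("/login.html", key)
    return {r["session"] for r in sample_traffic() if rule.check(r) == "block"}

if __name__ == "__main__":
    print("keyed on ip:     ", sorted(blocked_sessions("ip")))
    print("keyed on session:", sorted(blocked_sessions("session")))
```

Keyed on the source IP, the rule blocks the flooding client but also the last five users who share the NAT address; keyed on the session value, only the flooding client is blocked.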

Related Blog Posts

How to Protect Your Websites from HTTP(S) Flood

By default, your domain protected by the Anti-DDoS Pro instance uses the Normal HTTP flood protection mode. You can change the mode as needed.

  1. Log on to the Anti-DDoS Pro console.
  2. Go to the Protection > Setting > Web Attack Protection page, select Instance, and select Domain.
  3. Locate the HTTP Flood Protection area and click to select the defense mode.

Anti-DDoS Pro also supports custom HTTP flood protection rules, which let you configure precise defense rules for specific URLs.

Deploying Anti-DDoS, CDN, and WAF on Alibaba Cloud

In this tutorial, we'll discuss how to deploy Anti-DDoS, Content Delivery Network (CDN), and Web Application Firewall (WAF) all together to accelerate and secure our websites or web applications on Alibaba Cloud. For this solution to work correctly, you must have both Alibaba Cloud domestic and international accounts.

For the "China service" case, those who want to apply Anti-DDoS, CDN, and WAF features together on Alibaba Cloud can consider using SCDN (Secure CDN) on a Domestic account together with WAF on an International account. With an International account, we cannot use Anti-DDoS and CDN simultaneously at the time of writing. This alternative makes the combination possible until the SCDN product is released for International accounts. Once again, this scenario works only for Chinese regions.

Related Course

Alibaba Cloud Web Application Firewall – Live Demo

Alibaba Cloud WAF is a web application firewall that monitors, filters, and blocks HTTP traffic to and from web applications. Based on the big data capacity of Alibaba Cloud Security, Alibaba Cloud WAF helps to defend against common web attacks such as SQL injections, Cross-site scripting (XSS), web shell, Trojan, and unauthorized access, and to filter out massive HTTP flood requests. It protects web resources from being exposed and guarantees website security and availability.

In this video, we show how to use and configure Web Application Firewall. WAF will be used to protect the website, and we will showcase WAF in action.


Alibaba Clouder
