{ "id": "e594c610-f608-4532-b231-22bde5c0dd9b", "created_at": "2026-04-06T02:11:59.506502Z", "updated_at": "2026-04-10T03:20:38.501583Z", "deleted_at": null, "sha1_hash": "fafe68898e486d14b186ca4af9595846f73b272a", "title": "HTTP flood DDoS attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 73928, "plain_text": "HTTP flood DDoS attack\r\nArchived: 2026-04-06 01:55:29 UTC\r\nWhat is an HTTP flood DDoS attack?\r\nAn HTTP flood attack is a type of volumetric distributed denial-of-service (DDoS) attack designed to overwhelm\r\na targeted server with HTTP requests. Once the target has been saturated with requests and is unable to respond to\r\nnormal traffic, denial-of-service will occur for additional requests from actual users.\r\nHow does an HTTP flood attack work?\r\nHTTP flood attacks are a type of “layer 7” DDoS attack. Layer 7 is the application layer of the OSI model, and\r\nrefers to internet protocols such as as HTTP. HTTP is the basis of browser-based internet requests, and is\r\ncommonly used to load webpages or to send form contents over the Internet. Mitigating application layer attacks\r\nis particularly complex, as the malicious traffic is difficult to distinguish from normal traffic.\r\nIn order to achieve maximum efficiency, malicious actors will commonly employ or create botnets in order to\r\nmaximize the impact of their attack. By utilizing many devices infected with malware, an attacker is able to\r\nleverage their efforts by launching a larger volume of attack traffic.\r\nThere are two varieties of HTTP flood attacks:\r\n1. HTTP GET attack - in this form of attack, multiple computers or other devices are coordinated to send\r\nmultiple requests for images, files, or some other asset from a targeted server. When the target is inundated\r\nwith incoming requests and responses, denial-of-service will occur to additional requests from legitimate\r\ntraffic sources.\r\nhttps://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/\r\nPage 1 of 2\n\n2. HTTP POST attack - typically when a form is submitted on a website, the server must handle the\r\nincoming request and push the data into a persistence layer, most often a database. The process of handling\r\nthe form data and running the necessary database commands is relatively intensive compared to the amount\r\nof processing power and bandwidth required to send the POST request. This attack utilizes the disparity in\r\nrelative resource consumption, by sending many post requests directly to a targeted server until it's capacity\r\nis saturated and denial-of-service occurs.\r\nHow can an HTTP flood be mitigated?\r\nAs mentioned earlier, mitigating layer 7 attacks is complex and often multifaceted. One method is to implement a\r\nchallenge to the requesting machine in order to test whether or not it is a bot, much like a captcha test commonly\r\nfound when creating an account online. By giving a requirement such as a JavaScript computational challenge,\r\nmany attacks can be mitigated.\r\nOther avenues for stopping HTTP floods include the use of a web application firewall (WAF), managing an IP\r\nreputation database in order to track and selectively block malicious traffic, and on-the-fly analysis by engineers.\r\nHaving an advantage of scale with over 20 million Internet properties allows Cloudflare the ability to analyze\r\ntraffic from a variety of sources and mitigate potential attacks with quickly updated WAF rules and other\r\nmitigation strategies to eliminate application layer DDoS traffic.\r\nCloudflare DDoS Protection\r\nSource: https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/\r\nhttps://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/" ], "report_names": [ "http-flood-ddos-attack" ], "threat_actors": [], "ts_created_at": 1775441519, "ts_updated_at": 1775791238, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/fafe68898e486d14b186ca4af9595846f73b272a.pdf", "text": "https://archive.orkl.eu/fafe68898e486d14b186ca4af9595846f73b272a.txt", "img": "https://archive.orkl.eu/fafe68898e486d14b186ca4af9595846f73b272a.jpg" } }