Compared with normal access, Denial-of-Service (DoS) attacks do not have distinctive features, so effective protection methods have always been lacking. Besides common network-layer attacks, websites must also deal with various attack methods at the application layer.
Network-layer DoS attacks consume a website's access bandwidth through massive data transmission, which interferes with or even blocks normal access by ordinary users; they are therefore also called "bandwidth-based attacks". This type of attack is very intuitive: obvious traffic anomalies can be detected on the attacked server and on the related network devices. In addition, with the rapid growth of network access bandwidth and the deployment and development of network devices such as routers and firewalls, the recognition of and protection against such attacks have made great strides, and Web servers in the DMZ (Demilitarized Zone) have largely been able to avoid them.
At the same time, because network applications are developing rapidly and growing richer, Web servers need to carry more and more functions, and their consumption of and demand for system resources keep increasing, so application-layer DoS attacks have gradually become the mainstream. Unlike network-layer DoS attacks, application-layer DoS attacks target the host system, consuming processing capacity, memory, and other resources. Application-layer DoS attacks against Web servers can be carried out in many ways: attackers can initiate various services at the same time, send massive numbers of access requests, maintain a large number of active connections, and establish many sessions; a single malicious request can also cause a buffer overflow on the server. These attacks are designed around the HTTP protocol, so it is difficult to protect the target Web server without a deep understanding of HTTP and the ability to identify specific access requests.
Traditionally, packet-based detection usually fails to identify application-layer DoS attacks, so most protection measures based on routers, firewalls, or IPS are powerless against them or play only a very limited role. Barracuda offers a comprehensive solution built on advanced technology and deep experience: the Web Application Firewall. The Barracuda Web Application Firewall provides comprehensive security protection for Web servers; its defenses against application-layer DoS attacks include:
· Reverse proxy working mode
By setting up a virtual server that provides the external service, the real Web server is hidden and only access requests to the configured ports, such as 80/443, are forwarded. This reduces the processing load on the Web server.
· Queue control
Controls the concurrent access volume initiated from a single IP address and maintains an access queue, limiting the system resources a single user can consume.
· Access Frequency Control
If the frequency of access to the website from a source address exceeds the threshold, access from that source address is blocked.
· Session tracking
If the number of new application sessions created by an address within a given period exceeds the threshold, that address cannot create further sessions.
· HTTP request restrictions
Limits the length of each parameter in an HTTP request. These restrictions screen out malicious requests so that the Web server responds only to normal ones.
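The four per-source controls above (queue control, access frequency control, session tracking and HTTP request restrictions) can be illustrated with a small sliding-window guard. This is an added example and not Barracuda's code; the thresholds, the `AppLayerDosGuard` class and the sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 10.0        # seconds; thresholds below are constructed for this example
MAX_HITS = 5         # access frequency control: requests per source per window
MAX_ACTIVE = 3       # queue control: concurrent connections per source
MAX_SESSIONS = 2     # session tracking: new sessions per source per window
MAX_PARAM_LEN = 64   # HTTP request restrictions: longest allowed parameter value

def _prune(dq, now):
    while dq and now - dq[0] >= WINDOW:   # drop timestamps outside the window
        dq.popleft()

class AppLayerDosGuard:
    def __init__(self):
        self.hits = defaultdict(deque)      # ip -> timestamps of accepted requests
        self.sessions = defaultdict(deque)  # ip -> timestamps of new sessions
        self.active = defaultdict(int)      # ip -> currently open connections

    def check(self, ip, now, params, new_session=False):
        """Return None to accept the request, else the control that blocked it."""
        for name, value in params.items():
            if len(value) > MAX_PARAM_LEN:
                return f"request-restriction:{name}"
        hits = self.hits[ip]
        _prune(hits, now)
        if len(hits) >= MAX_HITS:
            return "frequency"
        if self.active[ip] >= MAX_ACTIVE:
            return "queue"
        if new_session:
            _prune(self.sessions[ip], now)
            if len(self.sessions[ip]) >= MAX_SESSIONS:
                return "session"
            self.sessions[ip].append(now)
        hits.append(now)
        self.active[ip] += 1
        return None

    def release(self, ip):  # call when a connection from ip closes
        self.active[ip] = max(0, self.active[ip] - 1)

def demo():
    """Replay constructed traffic from one noisy client; return the decision per request."""
    g, a, q = AppLayerDosGuard(), "203.0.113.5", {"q": "shoes"}
    out = [g.check(a, t, q, new_session=True) for t in (0.0, 0.5, 1.0)]  # 3rd session refused
    out += [g.check(a, 1.5, q), g.check(a, 2.0, q)]                      # 4th open connection refused
    for _ in range(3):
        g.release(a)                                                     # client closes its connections
    out += [g.check(a, t, q) for t in (2.5, 3.0, 3.5)]                   # 6th request in window refused
    out.append(g.check("198.51.100.7", 4.0, {"id": "A" * 100}))          # oversized parameter refused
    out.append(g.check(a, 12.0, q))                                      # window expired, accepted again
    return out
```

Refused requests are not counted toward the frequency window, so a blocked client is not pushed further into the block by its own rejected traffic.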
By using the above protection measures, the Barracuda Web Application Firewall can significantly improve the Web server's defense against application-layer DoS attacks and ensure normal website operation.