Forum Discussion
Throttling 404 requests to protect against DoS attacks
First off, I would like to say that calling me a noob would be an insult to noobs. With that said! I am investigating the possibility of throttling 404 requests in order to prevent potential DoS attacks. The general idea is that if someone bad were to flood our site with equally bad URLs, then what is the best way of handling that?
Our first idea was to make the 404 handling really efficient. However, my boy Todd made quick work of this. Now we are thinking that when someone is producing a high number of 404s, we will mark them as one of the "baddies". Afterwards, whenever a request from this person is made, we will politely send them a 503. Does this sound reasonable? If it does, then how could I use this product to achieve our goal?
1 Reply
- What_Lies_Bene1
Cirrostratus
I'm not sure you've thought this through. Wouldn't an attacker prefer to make multiple requests for correct but 'heavy' URLs? What happens if someone makes a mistake coding a web page and genuine clients make invalid requests because of it?
Whilst it's more than possible to use an iRule to meet your stated goal, introducing logic to reduce false negatives and cover other eventualities will make it very complex, and considering other possible attack vectors, it's probably not worth the effort.
ASM is of course an option.
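A sketch of the per-client 404 throttle discussed in this thread, written as an iRule. This is an added example, not code from either poster or from F5; the thresholds, subtable names and the choice to key on source IP are assumptions. It only counts 404s, so it does nothing about the valid-but-heavy URLs and the broken-link false positives raised in the reply.

```tcl
when RULE_INIT {
    # Assumed values; tune against real traffic before enforcing.
    set static::max_404 20      ;# 404s tolerated per client per window
    set static::window_404 60   ;# counting window, in seconds
    set static::block_404 300   ;# how long a flagged client gets 503s, in seconds
}

when HTTP_REQUEST {
    # Keyed on source IP: clients behind one NAT or proxy share a counter.
    set client [IP::client_addr]

    # -notouch so that repeated requests do not extend the block.
    if { [table lookup -notouch -subtable blocked_404 $client] ne "" } {
        HTTP::respond 503 content "Service Unavailable" Retry-After $static::block_404
        return
    }
}

when HTTP_RESPONSE {
    if { [HTTP::status] == 404 } {
        # One entry per 404, each with a fixed lifetime equal to the window.
        # Counting the live entries gives a sliding-window total.
        set sub "hits_404_$client"
        set key "[clock clicks][expr {int(rand() * 100000)}]"
        table set -subtable $sub $key 1 indefinite $static::window_404

        if { [table keys -subtable $sub -count] > $static::max_404 } {
            # Flag the client; the entry expires by itself after block_404 seconds.
            table set -subtable blocked_404 $client 1 indefinite $static::block_404
            log local0. "404 throttle: $client exceeded $static::max_404 in $static::window_404 s"
        }
    }
}
```

Running it first with the `HTTP::respond` line commented out and only the `log` line active shows which clients would have been blocked, including genuine ones hitting a broken link.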