Hello,

We faced a DDoS attack on our web site very recently. The nature of the attack is an HTTP flood attack, which raised our bandwidth utilization from 2 MBPS to 20 MBPS.

We have CDN edge caching servers for content delivery to the end user. There were around 1.2 million requests made to the Apache web server in 20 minutes with one specific pattern. For example: http://www.abc.com/index.html?~77462375 (the request is appended with a query string containing a random sequence number). The website usually responds with the default page for every such request. But within no time the web servers' resources were exhausted and they were unable to respond, leading to total downtime.

I have attached a white paper which describes similar attacks which we have undergone. We need a rule from the mod_security CRS which can defend against the attack and drop such requests.

Regards,
Chaitanya
Qatar Airways
Attachment: 1109.4404.pdf
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
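A ModSecurity 2.x rule matching the request pattern described in the message above, as an added example that is not part of the original post and not a rule shipped with the CRS. The rule id is a constructed placeholder, and the rule assumes `SecRuleEngine On` and that no legitimate client of the site sends a query string of this shape.

```apache
# Added example (not from the original post, not a CRS rule).
# Assumptions: ModSecurity 2.x with SecRuleEngine On; id 1000001 is a
# constructed placeholder, pick an unused id in your local-rule range.
#
# Pattern from the post:  /index.html?~77462375
#   - path is exactly /index.html
#   - the whole query string is "~" followed only by digits
#
# Both conditions must hold (chain), so ordinary requests for
# /index.html and requests carrying real parameters are not affected.
# The rule runs in phase 1 (request headers), so the request is rejected
# before Apache does any work to build the default page.
SecRule REQUEST_FILENAME "@streq /index.html" \
    "id:1000001,\
    phase:1,\
    t:none,\
    deny,\
    status:403,\
    log,\
    msg:'HTTP flood pattern: numeric ~NNN query string on /index.html',\
    logdata:'query_string=%{QUERY_STRING}',\
    chain"
    SecRule QUERY_STRING "@rx ^~[0-9]+$" \
        "t:none"
```

Running the rule with `pass` in place of `deny,status:403` first shows in the audit log which requests it would match before it starts rejecting them.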