What are HTTP GET/POST flood attacks?

  • I want to know what the main differences are between HTTP GET and POST flood attacks and mitigation strategies for both.

    I searched a lot but I really can't find some good articles nor examples about these attacks.

  • When an HTTP client (say, a Web browser) talks to an HTTP server (a Web server), it sends requests which can be of several types, the two main being GET and POST. A GET request is what is used for "normal links", including images; such requests are meant to retrieve a static piece of data, the URL pointing to that piece of data. When you enter a URL in the URL bar, a GET is also done.

    POST requests are used with forms. A POST request includes parameters, which are usually taken from the input fields on the same page.

    When flooding, the attacker wants to submerge the target server under many requests, so as to saturate its computing resources. Flooding works best when the server allocates a lot of resources in response to a single request. Since POST requests include parameters, they usually trigger relatively complex processing on the server (e.g. database accesses), which are more expensive for the server than serving a much simpler GET. Thus, POST-based flooding tends to be more effective than GET-based flooding (it takes fewer requests to drown the server if the requests are POST). On the other hand, GET requests being much more common, it is often way easier for the attacker to enlist (involuntary) help in his flooding effort when GET-flooding (as @Rory says, it only takes a link for an inline image on a popular site, and everybody who browses that site automatically sends a GET request to the target server).

    (Of course, any particular Web site could do a lot of complex processing on some specific GET requests; I am only discussing average behaviour here.)

    Thanks for so detailed answer. So you said that with **HTTP GET FLOOD** the attacker uses the _URL_ to attack. But what does the attacker use for **HTTP POST FLOOD** ? Can you give me an example ? How does he manipulate the data sent to a page (let's say _php_ page) an alter/change its content?

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM