Overview: Layer 7 Denial-of-Service (DoS)¶
A denial-of-service attack (DoS attack) makes a victim’s resource unavailable to its intended users, or obstructs the communication media between the intended users and the victimized site so that they can no longer communicate adequately. Perpetrators of DoS attacks typically target sites or services, such as banks, credit card payment gateways, and e-commerce web sites.
WAF provides automatic protection against Layer 7 DoS attacks by analyzing traffic behavior using machine learning and data analysis. For example, in the case of a Layer 7 DoS attack from a botnet, each request may be completely legal, but many requests all at once can slow down or crash the server. Layer 7 DoS can mitigate the attack by slowing down the traffic no more than necessary to keep the server in good health. Layer 7 DoS continuously monitors server health and loading, by means of a customer feedback loop, to ensure the real-time correlations, and validate server conditions, attacks, and mitigations. Any subsequent anomalies are put on watch, and the system applies mitigations (slowdowns or blocks) as needed.
WAF DoS instantly learns good traffic and monitors the protected application health. When service degradation is detected and identified as an attack, WAF DoS can mitigate the attack by using a multi-layer defense system of blocking requests from bad IP Addresses (of XFF), dynamically creating an attack signature to block similar patterns, or applying global rate limitation.