HTTP post attack is a type of denial of service attack. An attacker sends a legitimate HTTP POST request with the header
Content-Length specified. The attacker then proceeds to send this content slowly. The server establishes a connection to the client and keeps it open to receive the request that it thinks is legitimate.
The attacker sends the number of such requests and effectively occupies the server’s entire connection pool. It blocks the service for other legitimate users and results in a denial of service.
Slow post attacks do not require a lot of resources for the attacker, and hence they are easy to launch and hard to mitigate.
In a normal request-response cycle, the client sends the request to the server, and the server responds. In a slow post-attack, the client sends the post request body very slowly to hog the network connection for a long period of time. Multiple such connections and the server will have no bandwidth to accept new connections.
In the slow post attacks, the sender sends the data extremely slowly but not slow enough for the server to timeout. In these attacks, the server would have a lot of connected clients. However, the actual processing load on the server would not be that high.
It is hard to differentiate these attacks from genuine slow connections, so they are difficult to prevent completely. However, certain steps can be taken to avoid these attacks:
View all Courses