Throttling 404 requests to protect against DoS attacks

Question

First off, I would like to say that calling me a noob would be an insult to noobs.  With that said! I am investigating the possibility of throttling 404 requests in order to prevent potential DoS attacks.  The general idea is that if someone bad was to flood our site with equally bad URLs then what is the best way of handling that? &nbsp;
Our first idea was to make the 404 handling really efficient.  However, my boy Todd made quick work of this.  Now we are thinking that when someone is producing a high number of 404 then we will mark them as one of the "baddies".  Afterwards, whenever a request from this person is made then we will politely send them a 503.  Does this sound reasonable?  If it does then how could I use this produce to achieve our goal?  &nbsp;

what_lies_bene1 · Answer

I'm not sure you've thought this through. Wouldn't an attacker prefer to make multiple requests for correct but 'heavy' URLs? What happens if someone makes a mistake coding a web page and genuine clients make invalid requests because of it?&nbsp;
Whilst it's more than possible to use an iRule to meet your stated goal, introducing logic to reduce false negatives and cover other eventualities will make it very complex and considering other possible attack vectors it's probably not worth the effort.&nbsp;
ASM is of course an option.&nbsp;

Forum Discussion

Throttling 404 requests to protect against DoS attacks

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

HTTP Request Throttle

Beyond REST: Protecting GraphQL

HTTP Request Throttle by IP and UserAgent

L7 DoS Protection with NGINX App Protect DoS

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud