Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

Application Layer 7 DDoS Attacks

Posted DateJuly 18, 2019
Posted Time 3   min Read

In today’s day and age, websites and web applications play a central in the business strategies of most businesses. These web properties need to be agile, fast, and efficient with zero downtimes or latencies. Or, the business stands to lose customers who will immediately bounce and go to the competitor’s website.

Distributed denial of service (DDoS) attacks, by causing downtimes and crashes, make websites and web applications unavailable to legitimate traffic. Apart from the monetary losses, businesses also face the hefty loss of brand image, goodwill, and reputation due to their high noticeability. DDoS attacks are often used as smokescreens for other malicious activities and attacks and are, therefore, detrimental to business profitability and growth. So, businesses need to have a proactive approach towards DDoS protection to ensure the sustained and consistent availability of their website and web applications.

Understanding the different types of DDoS attacks

To prevent DDoS attacks, it is critical that businesses understand the different types of these attacks that can happen and accordingly, choose a mitigation strategy and solution.

DDoS attacks are often equated with volumetric and network-level attacks. However, only half the DDoS attacks are volumetric or network layer attacks such as UDP flooding, ICMP flooding, SYN Floods, DNS Amplification, etc. which overwhelm the webserver/ application with voluminous fake/ illegitimate requests to erode the bandwidth and other resources and make the website unavailable.

The other half of the DDoS attacks are Application-layer or Layer 7 attacks which are often small and silent. Layer 7 attacks leverage loopholes, vulnerabilities, and/or business logic flaws in the application layer to orchestrate the attacks. These attacks do not require lots of devices, packets, or bandwidth; they are often less than 1Gbps in magnitude. Attackers send seemingly legitimate requests to take down the application; often requesting access to load a single page. These very qualities make Layer 7 attacks much sneakier and more dangerous. Examples of Layer 7 attacks are Slowloris, GET/POST Floods, etc.

Most Common Layer 7 Attacks

The most common application-layer DDoS attack is the HTTP Flooding. There are 4 different categories in HTTP flooding.

1. Basic HTTP Floods:

As the name suggests, these are the simplest and most common HTTP Flooding attacks. The attackers use the same range of IP addresses, user agents and referrers (smaller in number than volumetric attacks) to gain access to the same webpage or resource over and over again. The server is unable to handle the sudden flow of requests and crashes.

2. Randomized HTTP Floods:

In this kind of HTTP Flooding attacks, attackers leverage a wide range of IP addresses, randomized URLs/ user agents/ referrers to carry out more complex attacks. Here, botnets may be controlling a number of different devices that are probably infected with malware and that they use to send these GET/POST requests to the server.

3. Cache-bypass HTTP Floods:

These are a sub-category of Randomized HTTP flooding attacks where attackers use different strategies to bypass the web application caching systems and force the server to use up a lot of bandwidth in completing the requests. One example is attackers searching for un-cached content or generic dictionary searches that use up server resources and cause downtimes. Cache Bypass Flooding attacks are considered to be the smartest.

4. WordPress XML-RPC Floods:

In this attack type, attackers leverage the simple WordPress pingbacks of several other WordPress installations as a reflection for orchestrating the Flooding Attack.

Randomized HTTP flooding and Cache-Bypass HTTP flooding are the most common even among the HTTP flooding attacks.

5. Slowloris Attacks:

This is the easiest, most common, and most lethal among the Application-layer DDOS attacks. The lethalness and viciousness of this attack type lie in its underlying simplicity. Slowloris attacks do the opposite of the volumetric attacks – instead of bombarding the server with many requests, the server is sent payloads slowly (hence the name slow loris) while keeping the connection open for a long period of time.  By launching this attack, even in very low volumes, the server connection pool can be exhausted in waiting to receive the full request from the slow loris attack payloads, thereby, preventing it from serving other legitimate users

The key to protecting against Layer 7 attacks

As mentioned earlier, it is critical yet difficult to identify Layer 7 DDoS attacks because of their sneakiness and seeming to request legitimacy. To address these attacks, the DDoS mitigation solution must:

  • provide always-on, instant protection including real-time alerts
  • allow custom rules and policies
  • include the services of certified security experts
  • provide security analytics to be prepared for future attacks
  • provide real-time visibility to the risk posture.

But most DDoS mitigation solutions tend to focus singularly on volumetric attacks and do not offer such comprehensive security against Layer 7 attacks. Make sure to choose a DDoS protection service that offers an intelligent and comprehensive managed WAF such as AppTrana so that you can ensure your web applications are always available.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

DDoS Attack Mitigation Playbook
DDoS Attack Mitigation Playbook for SOC and DevOps Teams

Facing DDoS threats? Arm your SOC & DevOps teams with effective mitigation strategies. Explore geo-fencing, IP blacklisting, and rate limiting in our playbook.

Spread the love

Read More
poor firewall implementation paves way for DDoS attacks
Poor Firewall Implementations Pave Wave for DDoS Attacks

What are these implementation flaws that make firewalls susceptible to DDoS attacks? What can you do to fortify their security posture?

Spread the love

Read More
Behavioural DDOS Protection
Under the hood of Behavioural DDOS Protection

Blog Series 2 out of 2 In the last blog, we saw why static rate limits do not work and why behavioural DDOS is required. Now, let’s investigate how these.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!