After recently exposing a cryptocurrency scam, our website has been getting hit with daily DDOS attacks. The attacks send millions of requests to our origin server, temporarily crashing it. In this article, I will explain how to identify and mitigate against a Layer-7 HTTP Flood DDOS attack using Cloudflare.
What is a Layer-7 DDOS Attack?
Layer-7 is the application layer in our network stack. This is where user interaction happens on the web, such as clicking links, typing in the search bar, etc.
A Layer-7 DDOS attack, means the attackers are using the application layer to overwhelm the system and ultimately crash the servers.
How to Identify a Layer-7 DDOS Attack?
The easiest way to identify a Layer-7 DDOS attack is by taking a look at your server access logs. In our case, we saw a huge amount of requests coming in a short period of time. After awhile, the server couldn’t keep up and started returning 404 errors.
Huh token is back at it trying to DDOS us. Who knew exposing crypto scams would be so much fun! https://t.co/nYxlpVKo4s pic.twitter.com/Htfevhqw0N
— The VR Soldier (@thevrsoldier) November 17, 2021
How to Mitigate a Layer-7 DDOS Attack?
The best way to mitigate against a Layer-7 DDOS attack is by enabling caching for incoming requests using Cloudflare.
In our case, since all the requests were going to our homepage. We created a page rule that cached every request on our site.
You can check if Cloudflare is caching your pages by using curl in your windows shell.
curl -svo /dev/null https://thevrsoldier.com/
Will return:
CF-Cache-Status: HIT
A status of HIT means that the url was served via Cloudflare’s cache, meaning your origin server never has to deal with the request.
In the chart below, you can see that adding the page rule successfully mitigated the latest DDOS attack. The peaks are when our servers were being hit with millions of requests. The blue bar represents the amount of requests our origin server had to respond to. The orange bar represents how many requests Cloudflare responded to.
As you can see, at 3:00, Cloudflare served over 2M requests, buffering all the traffic to our servers. In previous attacks, the DDOS was bypassing Cloudflare’s cache because we didn’t have the page rule enabled.
Conclusion
Being hit with DDOS attacks can be frustrating and unpleasant to deal with. However, with the right tools one can mitigate against even the most sophisticated DDOS attacks.
For a basic Layer-7 DDOS, setting a more aggressive cache on your servers is the easiest solution. Thankfully, Cloudflare makes it easy to adjust your cache settings on the fly, making it easy to respond to most forms DDOS attacks.
Follow us on twitter @thevrsoldier to stay up to date with the latest cryptocurrency news!