An HTTP flood is a volumetric attack, often using a botnet “zombie army”.
Its aim is to bring down the targeted site or server. It is a type of DDoS
attack.
HTTP flood attacks are very difficult to differentiate from valid traffic because
they use standard URL requests. This makes them one of the most advanced
non-vulnerability security challenges facing servers and applications today.
Traditional rate-based detection is ineffective in detecting HTTP flood attacks,
since traffic volume in HTTP floods is often under detection thresholds.
The most effective mitigation relies on a combination of traffic profiling methods,
including identifying IP reputation, keeping track of abnormal activity and
employing progressive security challenges (e.g., asking the client to parse JavaScript).
An attacker may use an illegal HTTP version such as .9. The WAF then triggers
the “illegal HTTP version” alert.
An application server receives too many headers when a request carries more
headers than the maximum defined in its configuration.
Prevent:-
The maximum number of headers can be increased using the ‘Maximum Headers’
property associated with the HTTP transport or the ‘limitNumHeaders’ property
on a transport channel.
The WAF detects HTTP parameter pollution attacks, and the customer can choose to
either alert on or block sessions that attempt to pass multiple HTTP parameters,
such as null values.
A null character is harmful: it may be used to carry out null injection.
Prevent:-
For the WAF policy “null character in parameter name” that is currently set to
alert, the customer should review the alerts the policy generates and check for any false positives.
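
The four request checks described above (illegal HTTP version, too many headers, parameter pollution, null character in a parameter name) can be sketched as one small inspector. This is an added example, not the WAF's own logic: the function name, the header limit, the version allow-list, the rule that a repeated parameter name counts as pollution, and the sample requests are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed values for this sketch; take the real ones from your own configuration.
MAX_HEADERS = 50
LEGAL_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}

def inspect_request(raw, max_headers=MAX_HEADERS):
    """Return the names of the checks a raw HTTP/1.x request fails."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")

    # Illegal HTTP version: "METHOD target VERSION" with an allowed version.
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[2] not in LEGAL_VERSIONS:
        findings.append("illegal HTTP version")

    # Too many headers: compare the header count with the configured maximum.
    if len(header_lines) > max_headers:
        findings.append("too many headers")

    # Parameter checks on the decoded query string (%00 decodes to NUL).
    target = parts[1] if len(parts) > 1 else ""
    names = [n for n, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    if len(names) != len(set(names)):  # same name sent more than once
        findings.append("HTTP parameter pollution")
    if any("\x00" in n for n in names):
        findings.append("null character in parameter name")
    return findings

# Constructed sample requests (not captured traffic).
HOST = b"Host: example.test\r\n\r\n"
SAMPLES = {
    "clean": b"GET /search?q=waf HTTP/1.1\r\n" + HOST,
    "bad version": b"GET / HTTP/.9\r\n" + HOST,
    "header flood": b"GET / HTTP/1.1\r\n" + b"X-Pad: 1\r\n" * 60 + HOST,
    "polluted": b"GET /item?id=1&id=2&na%00me=x HTTP/1.1\r\n" + HOST,
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label}: {inspect_request(request) or 'no findings'}")
```

Repeated parameter names are legitimate in some applications (multi-select form fields, for example), so a check like this is best run in alert mode first and its findings reviewed for false positives.
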
See the null injection blog post below.