Prevention

To prevent them is to:

Reduce requests reaching those servers (caching, firewalls)
Disallow unauthorised IPs to make requests.

Pasted image 20240813235304.png

1. Caching

Stores copies of frequently accessed resources (images, CSS files).

More at -> Cache

Pasted image 20240813235550.png

Caching reduces the number of requests going to your origin server, which makes it harder for your server to get overwhelmed by traffic.

2. Web App Firewall (WAF)

Pasted image 20240814000151.png

Creates a shield between a web app and the Internet.
This shield checks incoming web requests and filters undesired traffic to help mitigate many common attacks.

Note

Any traffic that bypasses your web application will also bypass any WAF or caching and has a stronger chance of overwhelming your origin, mitigation should act then

3. Prevent External Connections

Pasted image 20240814000333.png

Your origin server should only accept requests coming from your web application.

4. Additional Steps:

Rotate IP address (for sub-domain) inside DNS Name Server
Host SMTP mail server externally -> Emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP address.

Built with

DataHub Cloud