Using a Web Application Firewall (WAF) to Mitigate Denial of Service (DoS) Attacks

In simple terms, a denial of service (DoS) attack is an attack intended to make a resource unavailable to its users. Historically, DoS attacks have aimed to bring down services, resources, and websites (in its early days, Twitter was a frequent target), and they could become increasingly pervasive as our lives become more and more intertwined with technology. An interesting article in Computerworld last week suggested some future scenarios, such as DoS botnets taking down a building automation system, remotely locking the building and holding the people inside for ransom.

Regardless of what the future holds, DoS attacks today primarily target websites. So we often get asked how our web application firewall (WAF), Alert Logic Web Security Manager, mitigates these attacks. Like most WAFs, Web Security Manager has a number of technology features to protect against DoS attacks. Equally (or maybe even more) important is that Web Security Manager is fully managed, meaning our WAF security experts provide monitoring and tuning of your WAF 24x7x365.

We feel that our managed service approach is vital to protecting against DoS or any type of web attack. The only good web application firewall is a properly managed one, and we do just that: aggressively manage your WAF solution, without impacting your business or your resources.

Web Application Firewall Technology Features

In addition to being fully managed, Web Security Manager is also a technologically advanced WAF and includes many features to protect websites from DoS and other attacks. These include:

  • At the network level, Web Security Manager limits request rate and concurrency by outright blocking IPs that exceed the limits.
  • At the application level, Web Security Manager can slow requests and protect against brute-force attempts and other rate-based attacks through HTTP request throttling and connection limiting. These techniques also help ensure that resources are optimized in peak situations.
  • For DoS attacks that exhaust server resources by sending requests extremely slowly (thereby tying up server resources that are waiting for client input), Web Security Manager responds by:
    • Enforcing timeout limits for both client request header and client request body. If the request header or the request body is not received within a set timeout, the connection is closed. Attacks like Slowloris and Slow HTTP POST that are notorious for sending requests slowly can be dealt with via this type of timeout configuration.
    • Buffering all client requests before sending them to the backend server. For example, Web Security Manager can ensure that slow GETs or POSTs are received in their entirety before handing off to the backend server.

Underlying Structure

Finally, because Web Security Manager is based on Nginx, a high-performance HTTP server, it can inherently handle extremely large numbers of concurrent requests, even slow ones. And because Nginx is event-based, a single request consumes a very small amount of resources, since the server doesn’t need to spawn new processes or threads for each request.
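
As an added illustration (not Web Security Manager's own configuration), the rate limiting, connection limiting, timeout and buffering techniques listed above map onto stock Nginx directives as follows. Zone names, rates, timeouts, the /login path and the backend address are assumed values; note that stock Nginx rejects over-limit requests rather than blocking the IP outright.

```nginx
# Added example: stock nginx directives, not Web Security Manager's own config.
# All zone names, rates, timeouts and addresses below are assumed values.
events {}

http {
    # Shared-memory zones keyed by client IP.
    limit_req_zone  $binary_remote_addr zone=per_ip_rate:10m rate=10r/s;
    limit_req_zone  $binary_remote_addr zone=login_rate:10m  rate=30r/m;
    limit_conn_zone $binary_remote_addr zone=per_ip_conn:10m;

    # Reject with 429 instead of the default 503 so limits stand out in logs.
    limit_req_status  429;
    limit_conn_status 429;

    upstream app_backend {
        server 127.0.0.1:8080;          # hypothetical application server
    }

    server {
        listen 80;

        # Slow-request handling (Slowloris, slow HTTP POST).
        client_header_timeout 10s;      # entire header must arrive within 10s
        client_body_timeout   10s;      # max idle gap between two body reads,
                                        # not a cap on total upload time
        client_max_body_size  1m;       # bounds what buffering has to hold

        # Concurrency limit: at most 20 open connections per client IP.
        limit_conn per_ip_conn 20;

        location / {
            # Throttling: up to 20 excess requests are queued and released
            # at 10 r/s; anything beyond the burst is rejected.
            limit_req zone=per_ip_rate burst=20;

            # Read the whole request body before opening the backend connection.
            proxy_request_buffering on;
            proxy_pass http://app_backend;
        }

        location /login {
            # Tighter budget for a brute-force-prone endpoint (path is assumed).
            limit_req zone=login_rate burst=5 nodelay;
            proxy_request_buffering on;
            proxy_pass http://app_backend;
        }
    }
}
```

Running `nginx -t -c` against the file checks the syntax before it is loaded.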

Complete OWASP Protection

Web Security Manager protects against much more than DoS attacks. It protects against web-based attacks and provides protection against all the OWASP Top Ten risks. Web Security Manager also fully satisfies the Payment Card Industry Data Security Standard (PCI DSS) section 6.6 requirements. Web Security Manager can protect web applications and websites in any language, including double-byte languages such as Japanese, Korean and Chinese.

You can get more information about Web Security Manager on our website. And if you’d like to see how Web Security Manager can protect your website against other types of attacks, leave a comment in the Comments box below and we’ll share similar write-ups in future articles.