Ask HN: Help How Do You Mitigate a HTTP GET Flood DoS
This has been thoroughly abused over the past few weeks as I've been getting hundreds of millions of calls a day from countries all over the world in what I now believe is a DoS attack.
I've tried a few dozen things to try and stop it, including banning countries which has helped.
I've inspected the requests and they don't have any bogus query params to break caching like in the examples I've seen. It's just a simple GET to / on the API with a number of headers set.
Does anyone know of any helpful way to mitigate this kind of attack?
Here's a sample log event; {'type': 'REQUEST', 'resource': '/', 'path': '/', 'httpMethod': 'GET', 'headers': {'accept-language': 'ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7', 'X-Forwarded-Proto': 'https', 'X-Forwarded-For': '88.200.137.163', 'Host': 'myapi.co', 'X-Forwarded-Port': '443', 'accept-encoding': 'gzip, deflate, br', 'X-Amzn-Trace-Id': 'Root=1-5b1e2ce9-f7f53b56b21b4ae4aca1c49e', 'accept': '/', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36'}, 'queryStringParameters': {}, 'pathParameters': {}, 'stageVariables': {}, 'requestContext': {'resourcePath': '/', 'httpMethod': 'GET', 'extendedRequestId': 'ITv0aHJuFiAFkmw=', 'requestTime': '11/Jun/2018:08:03:53 +0000', 'path': '/', 'protocol': 'HTTP/1.1', 'stage': 'published', 'requestTimeEpoch': 1528704233073, 'requestId': 'fb4b5e8f-6d4d-11e8-9fcb-4f9526203fa9', 'identity': {'cognitoIdentityPoolId': None, 'accountId': None, 'cognitoIdentityId': None, 'caller': None, 'sourceIp': '88.200.137.163', 'accessKey': None, 'cognitoAuthenticationType': None, 'cognitoAuthenticationProvider': None, 'userArn': None, 'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36', 'user': None}}}
1 comment
[ 4.1 ms ] story [ 10.0 ms ] thread