TU Berlin
HTTP_reject - stateless web server to survive DDoS attacks

The web is a crucial source of information nowadays. At the same time, web applications are becoming more and more complex. A sudden increase in the number of visitors, e.g., triggered by news reports or events, can therefore easily push a web server into an overload situation. In contrast to the classical model of distributed denial of service (DDoS) attacks, such a so-called flash effect situation is not triggered by a mass of bots that merely aim to hurt the system, but by humans with a strong interest in the content of the web site itself. While bots do not stop their attack until told to by their operator, users repeatedly try to access the site without knowing that their reloads effectively increase the web server's overload.

Classical approaches try to distinguish between real user requests and harmful requests, which is not applicable in this scenario. Simply restricting the number of connections leads to very technical error messages displayed by the users' client software, if any message is displayed at all. Therefore, we implemented a means to efficiently block connection attempts and to keep the user informed at the same time. A small subset of HTTP and TCP is implemented statelessly to display simple busy messages or relevant news updates to the end user with only few resources. Our prototype is implemented in the Linux kernel as a netfilter firewall rule. Experiments showed low resource consumption and a number of successfully served requests exceeding that of any fully featured web server.
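To illustrate what "stateless" means for the TCP and HTTP subset described above, here is an added user-space sketch (not the HTTP_reject kernel module and not code from the publication): every reply is computed from the incoming segment alone, so the server keeps no per-connection memory. The `struct seg` type, the flag constants, the XOR-derived initial sequence number and the 503 text are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_PSH = 0x08, F_ACK = 0x10 };

/* Simplified TCP segment (hypothetical type): only the fields the logic needs. */
struct seg {
    uint32_t seq, ack;
    uint8_t flags;
    const char *data;   /* payload, may be NULL */
    uint32_t len;       /* payload length in bytes */
};

/* Constructed busy page; the text is an assumption for this example. */
static const char BUSY[] =
    "HTTP/1.0 503 Service Unavailable\r\n"
    "Connection: close\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "The server is busy. Please try again later.\n";

/* Build the reply to `in` from `in` alone. Returns 1 to send `out`, 0 to stay silent. */
int stateless_reply(const struct seg *in, struct seg *out)
{
    memset(out, 0, sizeof *out);
    if (in->flags & F_RST) return 0;
    if ((in->flags & F_SYN) && !(in->flags & F_ACK)) {
        /* SYN: our ISN is derived from the client's (illustrative, not a keyed SYN cookie). */
        out->seq = in->seq ^ 0x5a5a5a5au;
        out->ack = in->seq + 1;
        out->flags = F_SYN | F_ACK;
        return 1;
    }
    if (!(in->flags & F_ACK)) return 0;
    out->seq = in->ack;              /* the client's ACK says where our stream stands */
    if (in->len > 0) {
        /* Request data: acknowledge it and send busy page plus FIN in one segment. */
        out->ack = in->seq + in->len + ((in->flags & F_FIN) ? 1u : 0u);
        out->flags = F_ACK | F_PSH | F_FIN;
        out->data = BUSY;
        out->len = sizeof BUSY - 1;
        return 1;
    }
    if (in->flags & F_FIN) {         /* client closes: acknowledge its FIN */
        out->ack = in->seq + 1;
        out->flags = F_ACK;
        return 1;
    }
    return 0;                        /* bare ACK (e.g. end of handshake): nothing to send */
}
```

Because the reply depends only on the incoming segment, a retransmitted request simply produces the same answer again; the sketch does not handle requests split across several segments.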

If you are interested in the kernel module, contact us. More detailed information is available in the following publication:

Jörg Schneider and Sebastian Koch (2010). HTTPreject: Handling Overload Situations without Losing the Contact to the User. Proceedings of European Conference on Computer Network Defense (EC2ND 2010), 29-34.

Contact

Sebastian Koch
+49 30 314-73389
Room EN 360