Mechanisms of HTTPS Flood Attack and Defense
This section describes the mechanisms of HTTPS flood attack and defense.
An attacker launches massive HTTPS connections to the target server directly or through proxies or botnets. As a result, the server is overloaded and unable to respond to legitimate requests.
To prevent such attacks, you can enable source authentication on the FW to defend against HTTPS flood attacks. The FW can collect statistics on the rate of HTTPS packets (regardless of request or response packets) destined for port 443 based on the destination address. When the rate of HTTPS packets destined for the same IP address with the destination port being 443 reaches the alarm threshold, source authentication is enabled. Figure 1 shows the procedure of HTTPS source authentication.
