HTTP Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends an HTTP GET or POST requests to an application or a web server.

The requests sent seems legitimate containing a valide header and entire message correct and complete. However, the message body sent in an extremely slow rate what causing the targeted server try to obey it for a very long time. Sending a large number of these requests establishing connection making any other legitimate incoming connection impossible.

Notes:

• This attack does not requiers a large bandwith to bring the target down. However, it is requiers understing about the targeted application or site.
• The legitimacy of the requests sent make the attack harder to detect and block.