Hluboká nad Vltavou, December 5, 2024 – Yesterday (December 4, 2024), our cloud-based Web Application Firewall (WAF) faced the strongest HTTP flood attack of the year. The attack targeted a government website of one of our clients using the Ultimate variant of WEDOS Global Protection. It occurred in two waves with a brief pause and lasted approximately 50 minutes in total.
At its peak, our cloud WAF was receiving an astonishing 5,289,747 requests per minute from 3,066 unique IP addresses. In total, we filtered out 71,355,578 malicious requests in more than 70 locations around the world.
The attack was likely carried out using a botnet composed of compromised VPS (Virtual Private Servers) and dedicated servers.
Most of the malicious requests were mitigated by additional layers of our protection before reaching the cloud WAF, and thus are not included in the reported statistics.
What is an HTTP Flood Attack?
An HTTP flood attack is a type of Layer 7 (L7) attack targeting the application layer of the OSI model. Its goal is to overwhelm servers with requests that appear legitimate, causing overload or unavailability. This type of attack is more challenging to detect and mitigate since the attacker’s requests are indistinguishable from normal traffic at first glance.
WEDOS Global Protection and the Ultimate variant
WEDOS Global Protection offers top-tier protection against cyberattacks, including large-scale DDoS attacks. The Ultimate variant is the highest level of protection available, featuring advanced traffic analysis and detailed filter configurations by our specialists. It is ideal for critical applications such as government websites, financial systems, large e-commerce platforms, and other highly sensitive projects.
WEDOS Global – The Infrastructure of the Future
WEDOS Global is a decentralized global infrastructure operated on our own servers in numerous locations. It ensures not only high availability and connection speed but also robust protection against cyber threats. The system is designed to filter out most malicious traffic efficiently before it reaches the applications themselves.
Thanks to anycast technology, each location handles only its local traffic, allowing even large-scale attacks to be distributed. Over 70 global locations are exclusively reserved for our customers.
About WEDOS Internet, a.s.
WEDOS Internet, a.s., headquartered in Hluboká nad Vltavou, is a leader in web hosting and cloud services in the Czech Republic. Since 2023, we have been heavily investing in the development of the WEDOS Global infrastructure and rapidly expanding internationally. Our primary focus is Europe, where we easily meet stringent EU regulations. All our services comply with the upcoming NIS2 Directive and GDPR regulations, providing us with a significant competitive advantage over foreign, particularly American, companies that often lag behind or are unable to meet these standards.