Solving slow web server response: practical tips

"Loading..." "Loading..." "Loading..."

When a user browses a website or uses software, waiting messages like the ones above greatly degrade the user experience. Statistics show that, for reasons like this, potential customers may leave your website or software in just three seconds.

We studied server response time (the time between a client sending a request and the server responding to it) and how to make the server reject DoS attacks.

Server response time is measured as the time to first byte (TTFB): the time it takes to receive the first byte of the response after sending an HTTP request. It is an important performance indicator for a website. The ideal server response time is 200 to 250 milliseconds. Any response time higher than 500 milliseconds is regarded as slow and requires attention.

There are many reasons for slow server response, one of which is the lack of proper hosting. Others include the complexity of your website, third-party plug-ins, client-side caching, back-end server problems, and events such as Black Friday or DoS attacks, which cause slow server response and compromise security.

When the web server receives a request for a website, it will respond by running a database query and loading multiple files. The purpose of a DoS attack is to make the website unavailable. When the server encounters a large number of requests in a short period of time, the website may crash.

DoS attacks take several forms:

Volume-based attacks: floods of User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) and other spoofed packets.

Protocol-based attacks: SYN, ping, etc.

Application layer attacks: HTTP GET/POST attacks and low-and-slow attacks.

Application layer DoS attacks (such as HTTP) target the Apache web server and Windows. The attack is carried out by sending a large number of HTTP requests to the web server in a short period of time.

Another variant of the DoS attack is the distributed DoS (DDoS) attack, which is carried out by sending requests from multiple IP addresses. In this case, looking at HTTP request traffic is of little help, because the many request sources make it very difficult to distinguish normal traffic from malicious traffic. This is why detecting DDoS attacks through network traffic monitoring alone may not be effective.

Server response time is visibly affected during a DoS attack, rising to five to ten times the normal response time. Monitoring server response time (or the number of requests), rather than only client IP addresses, can therefore be very effective in detecting DDoS attacks.
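The following sketch shows the response-time check described above. It is an added example, not code from the original article or from EventLog Analyzer. It assumes Apache access logs in the combined format with `%D` (microseconds taken to serve the request) appended; the sample log lines are constructed, and `warmup` is a hypothetical parameter for the number of quiet minutes used as the baseline.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Assumed format: Apache "combined" plus %D (microseconds to serve the request).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "[^"]*" (\d+)$')
SLOW_MS = 500     # the article treats anything above 500 ms as slow
SPIKE_FACTOR = 5  # the article: five to ten times the normal response time

def per_minute(lines):
    """Bucket response times (ms) and client IPs by minute; skip non-matching lines."""
    buckets = defaultdict(lambda: ([], Counter()))
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ip, ts, usec = m.groups()
        minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        buckets[minute][0].append(int(usec) / 1000)
        buckets[minute][1][ip] += 1
    return buckets

def detect(lines, warmup=3):
    """Flag minutes whose median response time is slow and >= SPIKE_FACTOR x baseline."""
    normal, alerts = [], []
    for minute, (times, ips) in sorted(per_minute(lines).items()):
        median = statistics.median(times)
        if len(normal) >= warmup:
            baseline = statistics.median(normal)
            if median > SLOW_MS and median >= SPIKE_FACTOR * baseline:
                top_share = ips.most_common(1)[0][1] / len(times)  # busiest IP's share
                alerts.append((minute.strftime("%H:%M"), median, baseline, top_share))
                continue  # keep attack minutes out of the baseline
        normal.append(median)
    return alerts

def sample_log():
    """Constructed data: 3 quiet minutes, then 2 minutes of a distributed flood."""
    fmt = '{ip} - - [10/Aug/2020:12:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "x" {d}'
    rows = [fmt.format(ip=f"192.0.2.{i % 5 + 1}", m=m, s=i, d=110000 + i * 1000)
            for m in range(3) for i in range(20)]
    rows += [fmt.format(ip=f"198.51.100.{i + 1}", m=m, s=i % 60, d=900000 + i * 500)
             for m in (3, 4) for i in range(200)]
    return rows

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

In the flagged minutes the busiest client accounts for well under 1% of requests, so a per-IP threshold would stay silent while the response-time check fires.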

ManageEngine EventLog Analyzer is a comprehensive log management tool that can monitor Windows Internet Information Server (IIS) web server and Apache server logs. It provides ready-made reports on various DoS attacks.

With its comprehensive alerting function, you can use EventLog Analyzer to set up custom alerts that use a variety of conditions to detect slow responses from servers in the network and to send real-time notifications. After receiving an alert, you can quickly find the cause by viewing the relevant access logs, the error log, and the many web server reports built from other web server logs.


Origin blog.csdn.net/ITmoster/article/details/108010642