
HTTP RESPONSE AND OTHER METADATA



Distributed Abnormally Long request

An HTTP flood is a volumetric attack, often launched using a botnet (a "zombie army"). Its aim is to bring down the targeted site or server. It is also a type of DDoS attack.

HTTP flood attacks are very difficult to differentiate from valid traffic because they use standard URL requests. This makes them one of the most advanced non-vulnerability security challenges facing servers and applications today. Traditional rate-based detection is ineffective in detecting HTTP flood attacks, since traffic volume in HTTP floods is often under detection thresholds.

The most effective mitigation relies on a combination of traffic profiling methods, including identifying IP reputation, keeping track of abnormal activity and employing progressive security challenges (e.g., asking the client to parse JavaScript).


Distributed Illegal HTTP version

An attacker sends a request that uses an illegal HTTP version, such as .9. The WAF triggers the illegal HTTP version alert.


Distributed Too many headers per response


An application server receives too many headers when a message carries more headers than the maximum defined in its configuration.

Prevent:-

The max. number of headers can be increased using the ‘Maximum Headers’ property associated with the HTTP transport or the ‘limitNumHeaders’ property on a transport channel.


Variation of HTTP Parameter

The WAF detects HTTP parameter pollution attacks, and the customer can choose to either alert on or block sessions that attempt to pass multiple HTTP parameters, such as ones with a null value.

A null character is harmful because it may be used to deploy a null injection.

Prevent:-

For the WAF policy "null character in parameter name" that is currently set to alert, the customer should review the alerts the policy generates and check for any false positives.
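The checks named on this page (illegal HTTP version, header count over a configured maximum, repeated parameter names, null character in a parameter name) can be sketched as one request inspector. This is an added example, not code from the original post or from any WAF product; the function name, the allowed-version set, the header limit and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed policy values for this sketch; a real WAF or server defines its own.
ALLOWED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
MAX_HEADERS = 50


def inspect_request(raw: bytes) -> list[str]:
    """Return the findings for the head of one raw HTTP request."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")

    # A request line without a version token is treated as illegal too.
    version = parts[2] if len(parts) == 3 else "(none)"
    if version not in ALLOWED_VERSIONS:
        findings.append(f"illegal HTTP version: {version}")

    # Every non-empty line after the request line is one header.
    header_count = sum(1 for line in lines[1:] if line)
    if header_count > MAX_HEADERS:
        findings.append(f"too many headers: {header_count} > {MAX_HEADERS}")

    # parse_qsl percent-decodes names, so %00 shows up as "\x00".
    target = parts[1] if len(parts) >= 2 else ""
    seen = set()
    for name, _value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if "\x00" in name:
            findings.append("null character in parameter name")
        if name in seen:
            findings.append(f"repeated parameter: {name!r}")
        seen.add(name)
    return findings


# Constructed sample requests (not captured traffic).
CLEAN = b"GET /item?id=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"
BAD_VERSION = b"GET / HTTP/.9\r\nHost: example.test\r\n\r\n"
POLLUTED = b"GET /item?id=1&id=2&na%00me=x HTTP/1.1\r\nHost: example.test\r\n\r\n"
MANY_HEADERS = (b"GET / HTTP/1.1\r\n"
                + b"".join(b"X-Pad-%d: a\r\n" % i for i in range(60))
                + b"\r\n")

if __name__ == "__main__":
    for sample in (CLEAN, BAD_VERSION, POLLUTED, MANY_HEADERS):
        print(inspect_request(sample))
```

Running the checks in alert-only mode first, as the page suggests for the null-character policy, lets false positives be reviewed before any finding is switched to block.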

See the below Null injection blog
