Handling a DDoS Attack

A Distributed Denial of Service attack overwhelms a web server with requests from many fake users. This prevents real users from receiving timely responses. The following approach should put real users on equal footing with fake users so that this doesn’t occur.

Instead of sending all requests to a single queue, the server would keep a list of queues, one per user, and send each request to its user’s queue. A hash table would be used to find these queues.

The web server would go through the request list in turn, processing a request for a single web page for each user. When it reaches the end of the request list, it would start over at the beginning.

The request list would be expanded when new users send requests and reduced when users have not sent a request for some time, such as 15 minutes. If any of the users are found to be invalid, such as by having an invalid IP address, then the hash table would point this user’s entry to null so that further requests relating to it are ignored.
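
The scheme described above, as an added Python example that is not part of the original page. It assumes users are keyed by source IP address and that "invalid" means the address does not parse; the class and method names are illustrative, and the sample addresses are constructed.

```python
import ipaddress
from collections import OrderedDict, deque

IDLE_TIMEOUT = 15 * 60  # seconds; the page's "such as 15 minutes"

class FairScheduler:
    """Per-user request queues served in turn (illustrative names)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        # Hash table: user key -> [queue, last_seen]; None marks an invalid user.
        self.users = OrderedDict()

    def submit(self, user, request, now):
        """Queue a request; return False if it is ignored."""
        if user in self.users and self.users[user] is None:
            return False                    # entry points to null: ignore
        try:
            ipaddress.ip_address(user)      # assumed validity check: parseable IP
        except ValueError:
            self.users[user] = None         # mark invalid; later requests ignored
            return False
        entry = self.users.setdefault(user, [deque(), now])
        entry[0].append(request)
        entry[1] = now
        return True

    def expire(self, now):
        """Remove valid users who have sent nothing for idle_timeout seconds."""
        for user, entry in list(self.users.items()):
            if entry is not None and now - entry[1] > self.idle_timeout:
                del self.users[user]

    def run_pass(self):
        """One trip through the request list: at most one request per user."""
        served = []
        for user, entry in self.users.items():
            if entry is not None and entry[0]:
                served.append((user, entry[0].popleft()))
        return served

if __name__ == "__main__":
    s = FairScheduler()
    for i in range(100):                    # constructed flood from one source
        s.submit("203.0.113.9", f"/page{i}", now=0)
    s.submit("198.51.100.7", "/home", now=1)    # constructed real user
    s.submit("999.1.1.1", "/x", now=1)          # constructed invalid address
    print(s.run_pass())
```

Entries marked invalid are never expired in this example, so the table grows with each distinct invalid key; a deployment would need to bound it.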


Last updated: 6-July-2022