In data communication networks, client machines may send Hypertext Transfer Protocol (“HTTP”) requests to a server. The HTTP request may include a request for content, such as a request for a web page from a web server. Upon receiving an HTTP request, the web server may maintain an open communication with the client to receive further requests and serve responses.
Denial-of-service (“DoS”) attacks attempt to make a machine or network resource (e.g., a web server) unavailable to its intended users (e.g., client machines). For example, a denial-of-service attack may cause a web server to become unavailable or slow to respond by saturating the server with external communication requests. These external communication requests may consume the server's resources so that the server can no longer provide its intended service, or obstruct the communication media (e.g., network) between the intended users and the victim so that they can no longer communicate adequately.
A large-request-body attack is a type of HTTP DoS that tries to keep many connections to the target web server open and hold them open as long as possible. The large-request-body attack accomplishes this by opening connections to the target web server and sending the large body of the HTTP request in small bits at regular intervals (e.g., just before idle timeout), keeping the server connections busy for longer durations. Affected servers may keep these connections open, filling the server's maximum concurrent connection pool, and eventually deny additional connection attempts from clients.