aiCache Denial of Service attack Identification and mitigation. DDOS DOS

Customer Apps>Developers>aiCache Denial of Service attack Identification and mitigation. DDOS DOS
aiCache Denial of Service attack Identification and mitigation. DDOS DOS aiCache allows identification and negation of Denial of Services attacks by front ending web sites, identifying DOS attacks and mitigating the effects as well as enforcing sanity rules on HTTP traffic.


Inquiry e-mail address:
Amazon Web Services Used: EC2 Instances, Devpay
Solution URL:
Audience: Amazon Associates, Businesses, Developers
Pricing: For a fee
How does this application use Amazon Web Services?: EC2 Instances, Devpay
Created On: January 12, 2010 1:02 AM GMT
Last Updated: March 29, 2012 6:44 PM GMT


aiCache automates the process of identifying and negating DDOS attacks while tracking the source and method of the attack. This allows system operators to identify when they are under attack, remove the user impact and and make their environments more secure.

The first step in protecting against DOS is using aiCache to enforces client time-limits. This means a client must provide a complete, well-formed request header within a set period. After providing request header, client must then provides a complete, well-formed request body, (a complete request,) within a certain time. This negates Denial of Service (DOS) attacks, where idling connections are opened to a web site in the hope of overwhelming its capacity to sustain large numbers of TCP sessions.

aiCache enhances this protection by providing additional security features. Hackers attack websites by feeding them URLs configured to cause buffer overflows, resulting in execution of malicious code. When such malformed requests or URLs are discovered, websites are left at the mercy of their software providers to address the problem.

Often there's no way to prevent this dangerous URLs from hitting the web servers, as there is nothing in front of the victimized site to filter out these dangerous URLs.

To protect against such malicious/malformed requests using aiCache, you can specify maximum HTTP header size and body size. You can also initiate URL blocking for DOS protection, which provides URL length limit enforced at the website or pattern level.

To assist in troubleshooting of malicious/malformed requests, aiCache writes out such requests a directory for analysis.

aiCache can disable sending an error response whenever a bad or blocked request is detected,instead it will immediately drop the client connection (via TCP reset), so that no error response is sent to the client and the resources is freed to continue processing legitimate requests.

These protection tools are in addition to the core Web Application Acceleration features of aiCache and can be implemented regardless of platform, without code or architecture changes to the site.

aiCache can also be set to go into its protection modes automatically. Please see video for details.

Free aiCache test tool - No registration required

Technical Wiki


©2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.