Evaluation of HTTP DDOS cyber attack on web servers Apache and Nginx
Authors
Tang, Haotian
Degree
Master of Computing
Grantor
Unitec, Te Pūkenga - New Zealand Institute of Skills and Technology
Date
2024
Supervisors
Kolahi, Samad
Kabbar, Eltahir
Thomson, Liam
Type
Masters Thesis
Keyword
Distributed Denial of Service (DDoS)
DDoS attacks
cyber attacks
network security
computer security
Citation
Tang, H. (2024). Evaluation of HTTP DDOS cyber attack on web servers Apache and Nginx (Unpublished document submitted in partial fulfilment of the requirements for the degree of Master of Computing). Unitec, Te Pūkenga - New Zealand Institute of Skills and Technology. https://hdl.handle.net/10652/6499
Abstract
The DDoS attack is one of the most common cyber-attacks. Usually, attackers manipulate zombie hosts distributed across different geographical locations to send thousands of network messages that flood servers or network devices, occupying and consuming the resources of these devices or systems and making them unable to respond to subsequent requests from normal users. This cyber-attack has caused enormous economic and reputational losses to enterprises and institutes. However, there is currently no particularly ideal solution to this issue. Among the many types of DDoS attack, application-layer DDoS attacks have been favoured by hackers in recent years. An application-layer DDoS attack is mainly realized by sending a large number of HTTP or HTTPS requests to the web server; this type of attack is also referred to as the HTTP DDoS Flood attack. Many popular web servers are currently on the market, among which Nginx and Apache are the most used; these web servers have different concurrency resistance. Therefore, it is necessary to evaluate the performance of web servers under real HTTP DDoS.
This thesis reviewed typical DDoS attacks and then focused on HTTP DDoS Flood attacks at the application layer. We used a real testbed to evaluate the latest version of the Linux Ubuntu 22.04 operating system and the latest versions of Apache and Nginx through four key indicators: Transactions Per Second (TPS), Average Response Time, HTTP Requests Error Rate and CPU Utilization. The impact of the HTTP DDoS Flood attack on the performance of the two web servers was analysed. This study focused on implementing five mitigation measures each for Apache and Nginx and evaluating their effectiveness in mitigating HTTP DDoS Flood attacks. For Apache, the implemented measures are Mod_limitipconn, Mod_evasive, Fail2ban, Rate Limiting and Load Balancing. For Nginx, the mitigations adopted are limit_conn + limit_req, Mod_Security, Fail2ban, Rate Limiting and Load Balancing.
This study concluded that a web server's ability to handle legitimate requests dropped significantly during HTTP DDoS Flood attacks. Nginx performed better than Apache in resisting HTTP DDoS Flood attacks due to its superior architectural design. In terms of mitigation measures, whether on Apache or Nginx, Fail2ban and Load Balancing were the most effective strategies, while the other measures were relatively weak compared to these two. This shows that a better defence effect was only achievable by completely blocking malicious requests from reaching the web server or by enhancing the server's flexibility in handling concurrent requests.
Copyright holder
Author
Copyright notice
All rights reserved