The other day at ${DAYWORK} we got hit by a simple yet efficient DDoS attack, basically, there were lots of regular HTTP queries with a specific query parameter but using either GET, POST or HEAD methods:
www.customer.com:443:80 174.76.48.233 - - [19/Mar/2020:17:26:11 +0000] "POST /?=Best_HTTP_Flooder_For_FREE_by_PassDDoS&9716 HTTP/1.0" 200 62861 "http://validator.w3.org/feed/check.cgi?url=https://www.customer.com" Fortunately, the parameter was always the same, and as we use an nginx reverse proxy farm in front of our customer’s websites, we could deploy this simple trick in order to get rid of the attack: