1️⃣Understanding HTTP Flood Attacks:
An HTTP flood attackis a type of DDoS attack where an attacker sendsa large number of HTTP requeststo a target server, overloading its resources.
Attackers often use botnets or spoofed IP addressesto send forged HTTP requests, making it difficult to differentiate between legitimate and malicious traffic.
2️⃣What is Happening in the Figure?
TheAnti-DDoS devicedetects an abnormally high number of HTTP requests from certain IPs.
Itchallenges suspicious clientsby requiring them to complete an authentication step (such as entering a verification code).
Legitimate users can pass the authentication and get whitelisted, while bots and attackers fail to respond and are blocked.
3️⃣Why is "Enhanced Mode" the Correct Answer?
Enhanced Modeis an advancedsource IP detection technologythat uses verificationcodes or JavaScript challenges to distinguish real users from bots.
Key features of Enhanced Mode:
Verification challenge(e.g., CAPTCHA, JavaScript check).
Whitelisting of verified usersto prevent further verification delays.
Blocks attack sources that fail to respond to verification.
In the figure, the systemprompts suspicious users to enter a verification codebefore allowing further access.
Attackers typicallydo not respond, while legitimate userscomplete the challenge and continue browsing normally.
HCIP-Security References:
Huawei HCIP-Security Guide→ HTTP Flood Attack Protection
Huawei Anti-DDoS Solution Guide→ Source IP Detection Methods
Huawei WAF Documentation→ Enhanced Mode for Web Attack Mitigation