DDoS attacks

When a public institution experienced repeated website outages caused by coordinated distributed denial-of-service (DDoS) attacks, it decided to take steps to regain control of its operations.

The institution turned to Transparent Edge to maintain the availability of its portals, reduce the operational impact of invalid traffic, and achieve immediate stability without restructuring internal processes.

Use case

The vulnerability:

The combination of high visibility, hacktivist attacks, and an infrastructure with little tolerance for concurrent traffic created a constant operational risk.

The impact was significant:

  • Website outages prevented access to information and subjected the IT team to constant operational pressure.
  • The non-resilient origin server quickly became overloaded, returning HTTP 504 (Gateway Timeout) errors even under moderate sustained traffic.
  • Volumetric and Layer 7 attacks, intensified by groups like NoName057, exposed the organization’s vulnerability.

Transparent Edge’s response:

When Transparent Edge is called into action, it quickly develops a layered defense strategy that mitigates the problem in real time and provides visibility into attack patterns.

Immediate actions

  • Immediate activation of UAM mode: establishes “under attack” mode to block non-human traffic and stop the attack in progress.
  • DDoS protection: activates Anti-DDoS for layers 3, 4, and 7 and sets a rate limit with a maximum request threshold beyond which traffic is blocked.
  • Caching policies: to respond to specific incidents, caching of static files and HTML is prioritized, preventing excessive resource consumption and drastically reducing requests to the origin.

Deployment of protection strategy

  • Anomaly detection: tools are deployed to monitor behavior patterns and provide tailored responses (JS challenges, captchas, auto-blacklisting), with notifications or countermeasures enabled as needed.
  • IP scoring: a threshold is set to block IPs with low reputation or ASNs with high scores. For IPs originating from outside Spain, UAM is activated.
  • Controlled whitelists: legitimate scraping and third-party services are admitted to the whitelist if they meet certain predefined thresholds.
  • Redirects using regular expressions: used to prevent attack vectors based on the composition of friendly permalinks.

Our actions produce results

In addition to stopping the attacks, the implementation optimized content delivery, preventing user concurrency from crashing the portals, repelling cyberattacks, and stabilizing the experience for legitimate users.

The objective of ensuring service availability even during DDoS attacks was met.

For websites with high exposure to DDoS attacks, it is vital to:

  • Implement anti-DDoS measures at layers 3, 4, and 7 to discard invalid traffic before it reaches the origin.
  • Have a technical team with knowledge of attack scenarios for rapid, real-time data analysis and threshold tuning.
  • Maintain operational observability for proactive decision-making.

What can Transparent Edge do?

We’ll support you with our team’s expertise in implementing customized restrictions and optimizations tailored to your business needs. With comprehensive layers of security, detection, and mitigation, see how you can gain control of your environment and safeguard your digital sales channel.

Do you want to read the full story of how Transparent Edge was able to mitigate DDoS attacks, ensuring the availability of high-profile public websites?