The name GET flood is used for two different kinds of attacks using the same request. The attacker can either request static URLs at a high rate, or simply ask for every single object on a website, one after the other.

In both cases the goal is to overload the server with too many requests, exhausting the server’s resources, and preventing legitimate requests from being served.

Fortunately, real users don't work like this. The F5 BIG-IP system can mitigate a GET flood by using the F5 iRules scripting language to filter out the requests.

In collaboration with BIG-IP Application Security Manager (ASM), genuine usage patterns can be filtered from abusive usage patterns using different criteria:

  • Observed latency from the application server
  • Characteristics of the client IP address, such as geolocation, reputation, or the address itself

Using this data, the BIG-IP system can determine whether the request originates from a bot or a legitimate user.