GET Flood

The name GET flood is used for two different kinds of attacks using the same request. The attacker can either request static URLs at a high rate, or simply ask for every single object on a website, one after the other.

In both cases the goal is to overload the server with too many requests, exhausting the servers' resources, and preventing legitimate requests from being served.

Fortunately, real users don't work like this. The F5 BIG-IP system can mitigate a GET flood by using the F5 iRules scripting language to filter out the requests.

In collaboration with BIG-IP Application Security Manager (ASM), genuine usage patterns can be filtered from abusive usage patterns using different criteria:

  • Based on observed latency from the application server
  • Based on characteristics of the client IP address, such as geolocation, reputation, or the address itself

Using this data, the BIG-IP system can determine whether the request originates from a bot or a legitimate user.


Connect with F5

F5 Labs

The latest in application threat intelligence.


The F5 community for discussion forums and expert articles.

F5 Newsroom

News, F5 blogs, and more.