DDoSPedia is a glossary that focuses on network and application security terms with many DDoS-related definitions. It provides a central place for hard to find web-scattered definitions on this topic.
An HTTP challenge is a method used to automatically mitigate HTTP based
. The challenge is intended to be passed by legitimate users and to fail the attackers.
One typical challenge is that after arrival of an HTTP request message, send back to the users a 302 Redirect message. A typical user with a web browser will pass that challenge, while an attacker that does not implement a full HTTP stack will ignore this redirect and send the original request again. A more complicated challenge is to add a cookie - now the client also has to store and resend this cookie.