Friday, May 26, 2017

redirect - How does URL redirection affect DDoS attacks?




We're moving our company website to a new domain and a new hosting provider as part of a re-branding project. We intend to create completely new content for the new website, remove all content from the old one, and only leave a generic URL redirect in the old domain, which directs to the main page on the new website.



While it is not a reason for the domain change, we had a lot of DDoS attacks on our old domain. I'd like to know if we can do something with URL redirect to reduce the amount of attacks on the old domain that get directed to the new domain?



A 301 redirect is the best option SEO-wise, but does it just relay any attacks to the new domain?



What about meta refresh? Or just a static anchor link to the new website? Are there other options?


Answer



On balance, I would probably go either with a 301, or replace the previous site with a single page providing a link to the new location.




Although I understand your concern about migrating the DDoS attacks along with legitimate traffic, I think it may be a false concern:




  • you do need to provide a means for legitimate users to find your new site, and that being the case, a sufficiently motivated attacker could too

  • you are putting up another public website, so even absent concerns about what was happening to the previous site, there is no particular reason I can think of to assume that site would not come under attack, potentially for the same, or similar, reasons to why your first domain was attacked. It is entirely possible your first domain was under attack for something as simple as 'it exists'.



Ultimately, I am not sure there is much you can do to avoid being attacked again.



However, that doesn't mean there isn't something you could do:





  • rate limit all requests to the old domain, if possible to something as close to 0 as possible (in theory, legitimate users make 1 request, get 1 redirect, and are no longer seen).

  • only redirect your landing page to your new site via 301. Keep other URLs (in particular, any URLs you know to be specifically targeted) without the redirect (you can always have a generic 'we moved' page), and gather any IPs that hit it - then consider blocking those IPs on both your new and old domains/servers.

  • similarly, consider using other methods (e.g. an IDS, a WAF) in front of your old domain's server to more specifically identify attackers, and block those where you can.

  • where you do have a redirect, consider checking user agents. It will be imperfect, but might be of some use in restricting who receives the redirect in the first place.

  • do all you can to ensure your new domain is more resilient than the old one, and use the attack data from your old domain to gauge what level of protection might be necessary.



Although I couldn't find anything specific to answer your question about the role of 301s in 'migrating' a DDoS, I strongly suspect the answer is 'it depends'.




Notably, it would depend on:




  • what kind of DDoS you are under - unless it is a layer 7 DDoS, a 301 isn't really relevant.

  • how sophisticated attacker tools are, and (possibly) how they are configured. I can easily imagine a 301 being used to redirect attackers to a less-visible server/site, so there may be reasons why scripts would ignore them - this is purely speculation on my part, though.
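
An added example, not part of the original answer: a Python sketch of the "gather any IPs" step, scanning the old domain's access log for clients that do not behave like "1 request, 1 redirect, gone". It assumes combined log format, a 301 on the landing page only, and a 200 "we moved" page elsewhere; the thresholds, paths and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined-log prefix: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def blocklist_candidates(log_text, landing="/", max_total=5,
                         max_redirects=2, max_off_landing=3):
    """Map each suspicious client IP to the reasons it was flagged.

    Thresholds are assumptions; tune them against your own traffic.
    """
    total, redirects, off_landing = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of guessing
        ip, path, status = m.groups()
        total[ip] += 1
        if status == "301":
            redirects[ip] += 1          # was already told where to go
        if path.split("?", 1)[0] != landing:
            off_landing[ip] += 1        # hit a URL that no longer redirects
    flagged = {}
    for ip in total:
        reasons = []
        if total[ip] > max_total:
            reasons.append("volume")
        if redirects[ip] > max_redirects:
            reasons.append("ignores_redirect")
        if off_landing[ip] > max_off_landing:
            reasons.append("non_landing")
        if reasons:
            flagged[ip] = reasons
    return flagged

def _line(ip, path, status, sec):
    # Constructed sample entry (documentation IP ranges, made-up paths).
    return (f'{ip} - - [26/May/2017:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 178 "-" "Mozilla/5.0"')

SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "/", 301, 1),             # normal visitor
     _line("198.51.100.20", "/old-article", 200, 2)]  # stale bookmark
    + [_line("192.0.2.99", "/", 301, 10 + i) for i in range(4)]
    + [_line("203.0.113.50", "/login.php", 200, 20 + i) for i in range(8)]
)

if __name__ == "__main__":
    for ip, reasons in sorted(blocklist_candidates(SAMPLE_LOG).items()):
        print(ip, ",".join(reasons))
```

A single hit on an old bookmark stays below the thresholds, so the output is a review list for blocking on both domains rather than an automatic ban list.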

