Web application caching functionality can be an asset when a DDoS attack strikes.
Caching is most commonly used to more efficiently deliver online content, such as web pages or images, by putting the content closer to where the end user is located. When a user makes a request for an image, for example, the request first goes to an edge node. If the edge node already has a copy of that image cached, it can simply return the image to the user. The request doesn’t have to go all the way to the origin server to retrieve it.
In this context, web application caching has several benefits, including improved performance and decreased load on the origin. By decreasing load on the origin, caching also comes into play against DDoS attacks — and even non-malicious traffic spikes, such as those that retailers may face during the holidays.
Oracle Dyn Web Application Security is a cloud-based service that sits in front of an organization’s web presence and acts as an edge node. All traffic requests go there first, where they are analyzed and tested with a variety of challenges to determine whether they come from legitimate visitors or malicious bots.
The last step before a request goes to the origin is to check the cache. If a DDoS or other bot attack manages to pass all of our challenges, we then check to see if its requested data is available in cache. If it is, the response is returned without the request ever hitting the origin. So even in cases where we’re unable to stop an attack completely, caching can at least relieve some stress on the origin.
It’s important to note that web application caching won’t help much if there’s an attack on a dynamic page where the content is constantly changing, such as on a social media site. If a page or file is relatively static, however, that content is highly cache-able. It comes down to two things:
how popular that content is, because frequently accessed content gets cached across all edge nodes to ensure efficient delivery;
and the geographic spread of the requests, because if you’ve got a U.S.-centric site, for example, its content is less likely to be cached in Japan.
The effectiveness of caching in mitigating DDoS attacks depends on the type of content being served and how easily it can be cached.