Google Chrome has very quietly added a new feature Â “Â a mechanism that is intended to prevent distributed denial of service (DDoS) attacks from being perpetrated, maliciously or accidentally, by web pages and extensions running within Chrome”.
For those who do not know what is DDoS, from wiki “A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users ….Â One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable”
Can A Browser Stop DDoS Attacks ? What’s Chrome Going to Do ?
If dude a is attacking dude b’s server or website, what can I and my browser do about it ? Well, Chrome can’t stop someone from sending DDoS attacks to a server or website, but, if a website is down because of this or similar attacks, Chrome can stop it’s users from sending requests ( accessing ) to that website for Â a while, and that will reduce some load on the server, right ? Â Here is the technical explanation.
The way the mechanism works is, once a few server errors (HTTP error codes 500 and greater)Â in a rowÂ have been detected for a given URL (minus the query parameters), Chrome assumes the server is either unavailable or overloaded due to a DDoS, and denies requests to the same URL for a short period of time.
If, after this period of time, requests keep failing, this “back-off interval” period is increased using an exponential factor, and so on and so forth until the maximum back-off interval is reached. Â It’s important to note that failures due to the throttling itself are not counted as failures that cause the back-off interval to be increased.
Google will also be able to control such attacks originating from any extension or app that was uploaded with badÂ intentions, or got hacked by someone to run DDoS attacks.
For those server / web geeks, here is the official documentation. Â And for everyone else, here is how to access throttling settings on Chrome, visitÂ chrome://net-internals/#httpThrottling on your browser and you should see this page.