Anti-DDoS HTTP Throttling Comes to Google Chrome


Google Chrome has very quietly added a new feature  “ a mechanism that is intended to prevent distributed denial of service (DDoS) attacks from being perpetrated, maliciously or accidentally, by web pages and extensions running within Chrome”.

chrome news  Anti DDoS HTTP Throttling Comes to Google Chrome

For those who do not know what is DDoS, from wiki “A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users …. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable”

Can A Browser Stop DDoS Attacks ? What’s Chrome Going to Do ?

If dude a is attacking dude b’s server or website, what can I and my browser do about it ? Well, Chrome can’t stop someone from sending DDoS attacks to a server or website, but, if a website is down because of this or similar attacks, Chrome can stop it’s users from sending requests ( accessing ) to that website for  a while, and that will reduce some load on the server, right ?  Here is the technical explanation.

The way the mechanism works is, once a few server errors (HTTP error codes 500 and greater) in a row have been detected for a given URL (minus the query parameters), Chrome assumes the server is either unavailable or overloaded due to a DDoS, and denies requests to the same URL for a short period of time.

If, after this period of time, requests keep failing, this “back-off interval” period is increased using an exponential factor, and so on and so forth until the maximum back-off interval is reached.  It’s important to note that failures due to the throttling itself are not counted as failures that cause the back-off interval to be increased.

Google will also be able to control such attacks originating from any extension or app that was uploaded with bad intentions, or got hacked by someone to run DDoS attacks.

For those server / web geeks, here is the official documentation.  And for everyone else, here is how to access throttling settings on Chrome, visit chrome://net-internals/#httpThrottling on your browser and you should see this page.

via conceivablytech.com

3 Comments

Add yours →

  1. like!

  2. I noticed when using chrome with instant preview to go to a url on my LAN Windows IIS web server that trying to load a page with the url of every character typed caused IIS to return a “too many requests” type error, this might help that too

Comments are closed.