How do you tell a DDoS from legitimate traffic?
Various clues, like what URLs they are requesting, what IPs/regions it’s from, if it appears to be real clients based on user agent and ability to execute JavaScript, and so on.
It’s like a fun* little cat and mouse game, you figure out the patterns to block specific traffic, then they adapt and you start again. I even saw some users comment the other day they were being hit with false positives and blocked because the blocking was too aggressive. Fortunately there are companies that specialize in this kind of stuff like Cloudflare. But that costs money so it wasn’t added until just recently, so it’s possible attacks are still getting around that.
*obnoxious
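The clues listed in the comment above, combined into a small per-IP scorer over constructed request records. This is an added example, not code from the thread or from the site being discussed; the record layout, the `ZZ` region placeholder, the signal names and the thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample requests (not real traffic):
# (ip, region, path, user_agent, passed_js_check)
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
SAMPLE = (
    [("203.0.113.7", "ZZ", "/search?q=a", "", False)] * 40
    + [("198.51.100.9", "US", "/feeds/all.rss", "FeedReader/1.0", False)] * 6
    + [("192.0.2.4", "US", p, BROWSER, True)
       for p in ("/", "/post/1", "/post/2", "/u/me", "/", "/post/3")]
)

def score_clients(records, rare_regions=frozenset({"ZZ"}), min_requests=5):
    """Return {ip: set of signals that fired}, one signal per clue."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec[0]].append(rec)
    signals = {}
    for ip, recs in by_ip.items():
        fired = set()
        top_count = Counter(r[2] for r in recs).most_common(1)[0][1]
        if len(recs) >= min_requests and top_count / len(recs) >= 0.8:
            fired.add("one-url")          # almost every request hits one URL
        if any(r[1] in rare_regions for r in recs):
            fired.add("rare-region")      # region the site rarely serves (assumed list)
        if not any(r[3].startswith("Mozilla/") for r in recs):
            fired.add("non-browser-ua")   # empty or non-browser user agent
        if not any(r[4] for r in recs):
            fired.add("no-js")            # never completed a JavaScript check
        signals[ip] = fired
    return signals

def blocked(records, threshold):
    """IPs whose number of fired signals meets the threshold."""
    scores = score_clients(records)
    return sorted(ip for ip, fired in scores.items() if len(fired) >= threshold)

if __name__ == "__main__":
    # Threshold 3 also blocks the feed reader, a legitimate client that
    # polls one URL and cannot run JavaScript; threshold 4 spares it.
    for threshold in (3, 4):
        print(threshold, blocked(SAMPLE, threshold))
```

Lowering the threshold from 4 to 3 catches more traffic but also blocks the constructed feed reader, which is the kind of false positive the comment describes.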
that’s the neat part, you don’t.
or at least, not easily.