CDN Backfired: Amplification Attacks Based on HTTP Range Requests

RangAMP Attack

Image credit: Unsplash


Content Delivery Networks (CDNs) aim to improve network performance and protect against web attack traffic for their hosting websites. And the HTTP range request mechanism is majorly designed to reduce unnecessary network transmission. However, we find the specifications failed to consider the security risks introduced when CDNs meet range requests. In this study, we present a novel class of HTTP amplification attack, Range-based Amplification (RangeAmp) Attacks. It allows attackers to massively exhaust not only the outgoing bandwidth of the origin servers deployed behind CDNs but also the bandwidth of CDN surrogate nodes. We examined the RangeAmp attacks on 13 popular CDNs to evaluate the feasibility and real-world impacts. Our experiment results show that all these CDNs are affected by the RangeAmp attacks. We also disclosed all security issues to affected CDN vendors and already received positive feedback from 12 vendors.

In 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Best Paper Award

Video URL

Media Coverage

comments powered by Disqus