Mithril is the integrated solution you are looking for to protect websites, servers and applications from DDoS attacks and bad bots. Thanks to its features, Mithril shields code vulnerabilities from exploitation through Virtual Patching, while maintaining optimal performance for legitimate traffic. Learn more about:
Mithril distributes its cache across all of its nodes and gives users control over what is cached and what is not. Through its Cache API, any user can purge the whole cache or delete a single piece of content.
What is Mithril Proxy Caching and how does it work?
A useful property of Mithril Proxy Cache is that cached content is never really discarded when it expires. If your website becomes unreachable or starts returning errors, Mithril can serve the stale copy from its cache to your users instead of an error such as 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable or 504 Gateway Timeout. Note that only responses that were successfully cached before the outage can be served stale; uncacheable or never-requested content still fails.
If proxy caching is not enough for you, Mithril can inject a small Service Worker that turns your website or web application into an offline-capable web application.
What is Mithril Service Worker and how does it work?
A Service Worker is a script that the user’s browser runs in the background. It can intercept the page’s network requests and store the responses in the browser’s cache. This means that content served by your website, as well as content from third parties such as Google Fonts or a CDN, is kept in the user’s browser cache, making your website “reachable” offline. Two practical limits apply: a Service Worker is only installed on the first successful visit, so the very first load still depends on the origin, and browsers only register it over HTTPS (or localhost).
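As an added example (this is not Mithril’s injected worker, whose code is not on this page), here is a Service Worker that does both things described above: it pre-caches the application shell so the site opens offline, and on every GET request it tries the network first and falls back to the last good cached copy when the origin is unreachable or answers 5xx, which is the same stale-on-error behaviour the proxy cache provides server-side. The cache name, the pre-cached URLs, the network-first policy and the registration path are assumptions. The decision logic is a plain function so it can be tested outside a browser.

```javascript
// Added example, not Mithril's own worker. Register it from the page with
// navigator.serviceWorker.register('/sw.js') (assumed path) over HTTPS.

const CACHE_NAME = 'site-shell-v1';               // assumed cache name
const APP_SHELL = ['/', '/app.js', '/app.css'];    // assumed URLs to pre-cache on install

// Pure policy: given the network outcome (null = unreachable, or an object with
// a numeric `status`) and the cached copy (or null), decide what to serve.
// Mirrors the proxy-cache rule: 5xx or no answer => serve stale if we have it.
function chooseResponse(networkResult, cachedResult) {
  const networkUsable = networkResult !== null && networkResult.status < 500;
  if (networkUsable) {
    // Anything below 500 (including 404) is a genuine answer from the origin.
    return { source: 'network', response: networkResult, refreshCache: true };
  }
  if (cachedResult !== null) {
    // Serve the stale copy instead of surfacing 500/502/503/504 to the user.
    return { source: 'stale', response: cachedResult, refreshCache: false };
  }
  // Nothing to fall back on: pass the upstream error through, or synthesize 503.
  return {
    source: 'none',
    response: networkResult !== null ? networkResult : { status: 503, offline: true },
    refreshCache: false,
  };
}

// Browser glue: only runs inside a Service Worker global scope (never in Node).
if (typeof self !== 'undefined' && typeof caches !== 'undefined') {
  self.addEventListener('install', (event) => {
    // Pre-cache the shell so the first offline open still renders something.
    event.waitUntil(caches.open(CACHE_NAME).then((c) => c.addAll(APP_SHELL)));
  });

  self.addEventListener('fetch', (event) => {
    if (event.request.method !== 'GET') return;   // never cache POST/PUT/...
    event.respondWith((async () => {
      const cache = await caches.open(CACHE_NAME);
      const cached = (await cache.match(event.request)) || null;
      let fromNetwork = null;
      try {
        fromNetwork = await fetch(event.request);
      } catch (e) {
        fromNetwork = null;                        // offline or origin unreachable
      }
      const decision = chooseResponse(fromNetwork, cached);
      if (decision.refreshCache) {
        // Store a clone: a Response body can only be consumed once.
        await cache.put(event.request, fromNetwork.clone());
      }
      if (decision.source === 'none' && decision.response.offline) {
        return new Response('Offline', { status: 503, headers: { 'Content-Type': 'text/plain' } });
      }
      return decision.response;
    })());
  });
}
```

One caveat worth knowing when third-party assets are involved: a cross-origin `no-cors` fetch yields an opaque response with `status` 0, so the policy above treats it as usable and caches it without being able to tell whether the CDN actually answered successfully. If that matters, request such assets with CORS enabled so the real status is visible.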
DDoS-for-hire services, also known as booters or stressers, give malicious actors an easy way to attack any Internet-connected target anonymously. Using such a service, anyone can send millions of HTTP requests at a target website to exhaust the web server’s resources and make it unresponsive or unreachable.
How does a DDoS attack work?
Booters and stressers usually run attacks from their own servers and infrastructure, hiding their public IP addresses behind open proxies or by abusing public web application features (such as the WordPress XML-RPC pingback method). What all booters have in common is that, to open as many connections as possible against a target, they use simple HTTP clients that cannot execute JavaScript.
How does Mithril protect your web server and application from DDoS attacks?
Because of this, Mithril can serve a lightweight JavaScript challenge from its internet-facing load balancers, which blocks the attack before it reaches the customer’s server and scales automatically to absorb all incoming connections. With this technique, Mithril can handle hundreds of millions of concurrent HTTP requests, shielding your web server and web application from this kind of traffic burst without any downtime.
Bad bots have evolved through four generations over the last decade. Let’s look at them in order to understand how Bad Bot Protection works.
Mithril has three types of JavaScript challenge, which together intercept and block all of the bad bot generations mentioned above.
What is a JavaScript challenge?
A JavaScript challenge is an interstitial page that forces the user agent to execute JavaScript in order to obtain a session token. That token lets the user browse your website for a configurable amount of time before being challenged again. This is usually enough to tell humans and bots apart, but not for the 3rd and 4th generations, which are able to execute JavaScript themselves.
How does the Mithril JavaScript Challenge defeat all the four bad bot generations?
The Mithril JavaScript Challenge can identify browsers controlled by WebDriver, and it can also run in the background while the user browses, so that suspicious behaviour is detected and the more sophisticated bad bot generations are covered as well.
One of the hardest tasks during the learning phase is identifying every query string and body parameter that has a well-known format (numeric only, alphabetic, alphanumeric, and so on) across all the content types a request can carry, such as form-urlencoded, JSON, XML, multipart and many others.
How does Mithril Learning Phase and Response Filtering work?
Mithril has a learning module that automatically analyses the customer’s HTTP traffic and creates custom Web Application Firewall rules that restrict and sanitise user input. Sometimes this is not enough to cover misconfigurations or vulnerabilities in a web application.
In those cases our team can apply virtual patches based on a penetration test report, or after performing a penetration test ourselves. This lets us tailor WAF rules and modules to sanitise input, and even rewrite any response body on the fly to redact information leakage and debug output.
Just an example
Your web application has a parameter named “newsid” whose value is just an integer referring to a news ID in your database. The learning module automatically produces a rule with “ARGS:newsid” as the variable, checking its value against a regular expression such as “^[0-9]+$”. If the regex does not match, Mithril blocks the request, which filters out injection attempts such as SQL injection through that parameter. Two caveats a practitioner should keep in mind: a learned whitelist only covers parameters that appeared in benign traffic during the learning window, so a parameter the application accepts but nobody sent gets no rule; and in PCRE-based engines “$” also matches just before a trailing newline, so a value like “12” followed by a newline would pass “^[0-9]+$” unless the rule is anchored with “\z” instead.
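As an added example (not Mithril’s learning module, whose code is not on this page), the block below walks the “newsid” case through a complete learn-then-enforce cycle and generalises it to the other format classes and to JSON bodies mentioned above: it infers the tightest format class that every observed value of a parameter satisfies, compiles one whitelist rule per parameter (named like “ARGS:newsid”), and then blocks requests whose values no longer match. The sample traffic, the class list and the handling of never-seen parameters are constructed assumptions.

```javascript
// Added example, not Mithril's code. Runs under Node.js.

// Format classes ordered from most to least specific; a parameter is assigned
// the first class that every observed value satisfies.
// In JavaScript `$` (without the m flag) matches only at the very end of the
// input, so "123\n" is rejected here; a PCRE engine would need \z for that.
const FORMAT_CLASSES = [
  { name: 'numeric',      re: /^[0-9]+$/ },
  { name: 'alphabetic',   re: /^[A-Za-z]+$/ },
  { name: 'alphanumeric', re: /^[A-Za-z0-9]+$/ },
  { name: 'free-text',    re: null },   // nothing restrictive learned: not enforced
];

// Flatten a request into { 'LOCATION:name': [values] } for the query string
// (ARGS) and a JSON body (JSON), so rules can name the variable as the WAF does.
function extractParams(req) {
  const out = {};
  const add = (loc, name, value) => {
    const key = `${loc}:${name}`;
    (out[key] = out[key] || []).push(String(value));
  };
  for (const [k, v] of new URLSearchParams(req.query || '')) add('ARGS', k, v);
  if (req.contentType === 'application/json' && req.body) {
    let obj;
    try { obj = JSON.parse(req.body); } catch (e) { add('BODY', '__unparseable__', req.body); return out; }
    for (const [k, v] of Object.entries(obj)) {
      add('JSON', k, v !== null && typeof v === 'object' ? JSON.stringify(v) : v);
    }
  }
  return out;
}

// Learning phase: from benign sample requests, pick the tightest class that
// fits every observed value of each parameter.
function learnRules(samples) {
  const observed = {};
  for (const req of samples) {
    for (const [key, values] of Object.entries(extractParams(req))) {
      (observed[key] = observed[key] || []).push(...values);
    }
  }
  const rules = {};
  for (const [key, values] of Object.entries(observed)) {
    const cls = FORMAT_CLASSES.find((c) => c.re === null || values.every((v) => c.re.test(v)));
    rules[key] = cls.name;
  }
  return rules;   // e.g. { 'ARGS:newsid': 'numeric', 'ARGS:lang': 'alphabetic' }
}

// Enforcement: block if any learned parameter fails its class. Parameters never
// seen during learning have no rule; they are reported so the operator can
// decide a policy for them (here they are allowed through).
function inspect(rules, req) {
  const violations = [];
  const unknown = [];
  for (const [key, values] of Object.entries(extractParams(req))) {
    const clsName = rules[key];
    if (clsName === undefined) { unknown.push(key); continue; }
    const cls = FORMAT_CLASSES.find((c) => c.name === clsName);
    if (cls.re === null) continue;
    for (const v of values) {
      if (!cls.re.test(v)) violations.push({ variable: key, value: v, expected: clsName });
    }
  }
  return { action: violations.length ? 'block' : 'allow', violations, unknown };
}

// Constructed sample traffic standing in for the learning window.
const LEARNING_SAMPLES = [
  { query: 'newsid=12' },
  { query: 'newsid=3071&lang=en' },
  { query: 'newsid=9' },
  { contentType: 'application/json', body: '{"newsid": 42, "author": "alice"}' },
];
const LEARNED = learnRules(LEARNING_SAMPLES);

// A classic probe against the learned rule: "newsid=12 OR 1=1" is blocked
// because the value no longer matches ^[0-9]+$.
function demo() {
  return inspect(LEARNED, { query: 'newsid=12 OR 1=1' });
}
```

The first result in `demo()` shows the rule doing its job, but the `unknown` list returned by `inspect` is the part to watch in practice: a parameter that never showed up during learning (a “page” argument only a few users click, for instance) has no whitelist, and that is where a manual virtual patch from a penetration test report fills the gap.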