We Just Killed a 92k RPS
Pure Layer-7 Attack In-House

This morning at 03:11 UTC we absorbed one of the cleanest, highest-RPS Layer-7 attacks we’ve ever recorded.

Attack Breakdown

• 92 400+ HTTPS requests per second sustained
• 5.2 million requests in the worst 60 seconds
• 20% heavily multiplexed HTTP/2 + HTTP/1.1 streams
• ≈50% originated from telecom-hosted bulletproof servers and compromised end-user devices (residential proxies, IoT, routers)

How We Stopped It

03:12 – L4 Offloaders

Our always-on Layer-4 offloaders dropped over 20% of garbage traffic (SYN floods, malformed packets, etc.) directly at line-card level.

03:13 – In-Line Mitigation Mode Activated

The remaining 80% pure L7 flood hit our proprietary In-Line Mitigation Mode — the exact same mode that is available to every Web-Shield member right now.

How it works is a closely guarded secret, but the result speaks for itself:

• ~50% of the attack (telecom housing + hacked devices) vanished instantly via ASN + behavioral fingerprinting
• The 20% multiplexed portion was terminated during TLS handshake — never even reached the web filters
• One global config change, < 4 second propagation worldwide
• Legitimate user latency increase stayed under 40 ms

# Simplified view of what happened under the hood
if (inline_mitigation_score > threshold) → immediate drop or challenge
# That's literally all you need to know :)

03:20 – Attack Over

Attacker gave up. Network returned to baseline in under 10 minutes from peak.

Bottom Line

• Zero packets reached origin
• Zero downtime
• Zero third-party CDN used
• Most of the attack was surgically eliminated by In-Line Mitigation Mode — the same mode every single Web-Shield customer has available 24/7

You don’t need a magic CDN when your own stack is this good.

---

This is Web-Shield.
No vendors. No excuses. Just the fastest, most aggressive in-house mitigation on the planet.

— Web-Shield Engineering Team
November 30, 2025