What is an Account-Control Surface?
Understand the account-control surface and why account protection has to cover more than the login form.
Support FAQ
A Layer 7 DDoS attack targets the "Application Layer" of the OSI model. Unlike other types of DDoS attacks that flood network layers with traffic, a Layer 7 attack focuses on specific functions or features of a web application or service.
Layer 7 DDoS protection stops request floods that target the application itself: login, search, checkout, API, account, and other expensive dynamic routes. Good mitigation combines traffic baselines, anomaly detection, bot signals, WAF and API policy, caching, and route-aware rate limits before the attack consumes origin resources.
Layer 7 attacks are more sophisticated as they target the application layer, which is the closest layer to the end user. While other DDoS attacks like volumetric or protocol attacks aim to overwhelm bandwidth or exploit network vulnerabilities, Layer 7 attacks mimic human-like interaction with the application, making them harder to detect.
Common targets include web pages, API endpoints, and databases that are part of web applications or online services.
These attacks often involve repeated requests to a specific aspect of an application, like a search function, login page, or API endpoint. The goal is to exhaust server resources, such as CPU or memory, to render the application unresponsive or slow.
Effective Layer 7 DDoS mitigation combines request limits, caching, WAF rules, bot signals, anomaly detection, and challenges so attackers cannot drain application resources through one weak control. Peakhour's Layer 7 DDoS protection page shows how those controls fit together in the request path.
Understand the account-control surface and why account protection has to cover more than the login form.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.