...
Rate Controls provides protection against application layer DDoS attacks by monitoring and controlling the rate of requests against the Akamai Edge servers and the customer origin. Rate categories can be incorporated as WAF rules enabling the customer to dynamically alert and/or block clients exhibiting excessive request rate behaviors. Statistics are collected for 3 request phases: client request; forward request; and forward response.
HTTP Analysis
ScotiaOnline Login under the covers view after button is clicked.
User Name and Password are sent using POST,
As part of user hitting the website, the user is tracked via a unique session cookie,
Request header containing information about the http request and the browser agent,
References
Amazon White Paper- https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf