In an Excessive Verb Attack, attackers take advantage of a feature of HTTP 1.1 that allows multiple client requests within a single HTTP session. In this case, attackers can lower the session request rate of an HTTP attack in order to come under the radar of request rate-limiting features found on some attack defense systems deployed today. This attack is viewed as a low-and-slow Application-Layer attack and normally consumes little bandwidth but eventually renders the victim’s servers unresponsive.
