How does DDOS work?

#1
I am considering litespeed for its DDOS abilities but am having trouble finding a lot of details.

I read the recent article about how litespeed was used to stop a DDOS attack (http://blog.litespeedtech.com/articles/category/anti-ddos/) and wanted some more information on one sentence:
"LiteSpeed is able to detect the IPs (bot) that abuse servers and drop all the connections from detected bots"

So how exactly does it do that? I've read the FAQs regarding setting up DDOS here:
http://www.litespeedtech.com/how-tos.html#qa_dos

I'm guessing that once you've set the things like the max_request_url_length then any IP address that exceeds that is considered a bot. Is that right?

And how about the per client settings? If something exceeds the "static requests per second" limit does that get banned too?

Basically I guess what I'm looking for is a better explanation or how IP addresses get banned and unbanned.

Any insight would be much appreciated.
 
Top