Web proxy based detection and protection mechanisms against client based HTTP attacks A server side protection from client based DDoS attacks on multilevel proxy. DDoS attacks are continuously sent the threat to the network applications. Such attacks are created by some set of attackers. They create a huge the whole sum of traffic and forces it to the network. Which induces significant injury to the victim server. In a computer network client sent an HTTP request to the server for seeking application resources through a proxy server. The proxy has protected, filter, monitoring the applications against such DDoS attacks. But the client can access the server through different webproxies to seeking application resource. A web server have not at all any technique to identifying malicious client and users of the client. For the reason that considering a proxy to server traffic, proxy conceals the client information and server knows only the information of proxy. Here Hidden semi-Markov Model (HsMM) proposed to describe the time varying traffic behaviors and special behavior of the traffic. An existing system, discovery of attacks is based only the proxy server and client system behavior rather than the actual client user. In such cases, an innocent web proxy or a whole client system may blocked. So this case may affect the many innocent users on the client system. To avoid this problem, a user based approach is employed for finding locality behaviors of the user’s system with enhanced http protocol. To add a custom header in the HTTP protocol for detecting actual attacking user of the client. And also proposed a threshold based algorithm (TBAD) with encryption, decryption algorithms for reshaping the suspicious request to normal request. This method can protect the Qos of the legitimate users of client system.