Abstract

Web server overload resulting from an application layer–based distributed denial‐of‐service (DDoS) attack or a flash crowd event continues to be a major problem in today's internet because it renders the Web server unavailable in both cases. In this paper, we propose a novel system, called ReCAP, that handles server overload resulting from application layer–based DDoS attacks or flash crowd events. The system is envisioned as a service that can be provided to websites that have limited resources with no infrastructure in place to handle these events. The main goal of ReCAP is to filter attack traffic in case of a DDoS attack event and to provide users with basic information during a flash crowd event. The proposed system is composed of 2 main modules: (1) the HTTPredirect module, which is a stateless Hypertext Transfer Protocol server that redirects Web requests destined to the targeted Web server to the second module, and (2) the distributed Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) service, which comprises a large number of powerful nodes geographically and suitably distributed in the internet acting as a large distributed firewall. All requests to the origin Web server are redirected to the CAPTCHA nodes, which can segregate legitimate clients from automated attacks by requiring them to solve a challenge. Upon successful response, legitimate clients (humans) are forwarded through a given CAPTCHA node to the Web server. These CAPTCHA proxies are envisioned to be placed intrinsically at the edge of the network in the proximity of the clients to curb communication delays, and thus perceived response times, and to relieve the core network from further traffic congestion.
In particular, such organization fits squarely in the fifth use case scenario presented in the European Telecommunications Standards Institute Mobile Edge Computing Industry Specification Group's introductory technical paper on Mobile‐Edge Computing. In conclusion, the performance evaluation shows that the proposed system is able to mitigate application‐layer DDoS attacks while incurring acceptable delays for legitimate clients as a result of redirecting them to and via CAPTCHA nodes.