HTTP floods mimicking the human behavior is a kind of distributed denial of service attack. This paper presents a resist method, it includes three key points, uses session ID to identify users, discovers the puppet computer by analyzing the request sequence in unit time, interrupts the attacks by discarding or modifying the request message. A software firewall is implemented based on this method, it includes a statistics module and a forwarding module. The statistics module is used to discover the puppet computers. The forwarding module is used to discard or modify the request messages of puppet computers. The firewall is deployed on a web server, the administrator sets the running arguments according to the site characteristics, help rescuing the server from HTTP floods at a low cost.