Api security

github logo ・1 min read

Hi, I buil a product tha offer a public api endpoint to collect data from my users' applications, each of those needs to provide their specific API key.

Sometimes I receive a lot of fake http calls (3/4.000 requests per minute) that tend to fill my server's resources. They are fakr, just to keep my server busy.

Actually my solution is identify these anomalies because my server slow down and add a "deny [fake-ip]" entry in my .htaccess file.

Instantly the server come to breathe.

Can I adopt a more scalable strategy to recognize and filter out bad traffic?

twitter logo DISCUSS (1)
markdown guide
 

Usually, it is controlled by the firewall/DDOS protection service. Apache has a mod too.

Classic DEV Post from Jan 3

What's your coding origin story?

How did you get your start in programming?

Valerio profile image
I'm a Software Engineer creator of Inspector.dev

The All-Time Best

Browse Top Articles