Skip to content

Api security

ilvalerione profile image Valerio github logo Updated on ・1 min read

Hi, I built a product that offer a public api endpoint to collect data from my users' applications, each of those needs to provide their specific API key.

Sometimes I receive a lot of fake http calls (3/4.000 requests per minute) that tend to fill my server's resources. They are fakr, just to keep my server busy.

Actually my solution is identify these anomalies because my server slow down and add a "deny [fake-ip]" entry in my .htaccess file.

Instantly the server come to breathe.

Can I adopt a more scalable strategy to recognize and filter out bad traffic?

twitter logo DISCUSS (1)
markdown guide

Usually, it is controlled by the firewall/DDOS protection service. Apache has a mod too.

Classic DEV Post from Aug 1 '19

Which loading GIF do you prefer?

I made some loading gifs

Valerio profile image
I'm a Software Engineer CTO at