DEV Community


Api security

ilvalerione profile image Valerio Updated on ・1 min read

Hi, I built a product that offer a public api endpoint to collect data from my users' applications, each of those needs to provide their specific API key.

Sometimes I receive a lot of fake http calls (3/4.000 requests per minute) that tend to fill my server's resources. They are fakr, just to keep my server busy.

Actually my solution is identify these anomalies because my server slow down and add a "deny [fake-ip]" entry in my .htaccess file.

Instantly the server come to breathe.

Can I adopt a more scalable strategy to recognize and filter out bad traffic?

Discussion (1)

jorgecc profile image
Jorge Castro

Usually, it is controlled by the firewall/DDOS protection service. Apache has a mod too.

Forem Open with the Forem app