Hi, I built a product that offer a public api endpoint to collect data from my users' applications, each of those needs to provide their specific API key.
Sometimes I receive a lot of fake http calls (3/4.000 requests per minute) that tend to fill my server's resources. They are fakr, just to keep my server busy.
Actually my solution is identify these anomalies because my server slow down and add a "deny [fake-ip]" entry in my .htaccess file.
Instantly the server come to breathe.
Can I adopt a more scalable strategy to recognize and filter out bad traffic?