qwead, 2018-02-02 08:11:03

Protecting a web service from HTTP request attack?

There is an API service that accepts a request with the PUT method at /api/account. How can I protect it from hackers who can fill my entire database with such a script?
{"Login": "user1", "Password": "pwd123456"}

for(var counter = 0; counter < 9999999; counter++)
{
  var payload = {
      Login: 'aziatuser' + counter,
      Password: 'yourehacked'
  };
  fetch('http://mysite.ru/api/account', {
      method: 'PUT',
      body: JSON.stringify(payload),
      headers: {
          'Accept': 'application/json, text/plain, */*',
          'Content-Type': 'application/json'
      }
  });
}

I.e., it is necessary to prohibit the same client from sending the same request.


1 answer(s)
Dmitry Tallmange, 2018-02-02
@qwead

Nginx, for example, has a rate limit:

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

server {
    location /login/ {
        limit_req zone=mylimit;

        proxy_pass http://my_upstream;
    }
}

Apache has modules that implement the necessary limiting functionality.
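
The rate limit from the answer applied to the endpoint in the question, as an added example that is not part of the original answer. The zone and variable names, the 6r/m rate and the burst size are assumptions; `mysite.ru` and `my_upstream` are taken from the posts above.

```nginx
# Added example. These directives belong in the http {} context.

# Build the limiting key only for PUT. Requests whose key is empty are not
# accounted, so other methods on the same path are not throttled.
map $request_method $account_put_key {
    default "";
    PUT     $binary_remote_addr;
}

# 10 MB of shared state, keyed by client address.
# Assumed rate: 6 account-creation requests per minute per address.
# At the 10r/s used above, one address could still create 864,000 accounts a day.
limit_req_zone $account_put_key zone=account_put:10m rate=6r/m;

server {
    listen 80;
    server_name mysite.ru;

    # Exact match, so only the account endpoint is affected.
    location = /api/account {
        # Accept a short burst of 3 without delay, reject everything beyond it.
        limit_req zone=account_put burst=3 nodelay;

        # Return 429 Too Many Requests instead of the default 503.
        limit_req_status 429;

        # Rejected requests are written to the error log at this level,
        # which makes a flood visible to monitoring.
        limit_req_log_level warn;

        proxy_pass http://my_upstream;
    }
}
```

The limit is per client address, so it does not bound a client that sends from many addresses; the error-log entries for rejected requests show when that is happening.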
