Protecting against DDoS attack

Question

Dear Community,
I need help from application security experts and seasoned web developers.
We are getting DDoS attacks on the following requests. This attack is targetting our SMS gateway; resulting in triggerig thousands of SMSs. Please inform which kind of protections we can introduce in application level / application code level to protect against this DDoS attack.
DDoS Request Sample:
POST xyz.com/api/otp/asdf HTTP/1.1
Host: xyz.com
Content-Length: 32
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90"
Accept: application/json, text/plain, */*
Authorization: ***********
Accept-Language: ar
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Content-Type: application/json
Origin: &nbsp;http://abc.com&nbsp;
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer:&nbsp;http://abc.com&nbsp;
Accept-Encoding: gzip, deflate
Connection: close
{"mobileNumber":"123456789"}
Warm Regards

keesvandenbos · Answer

Hi,You could use the Bruteforce protection of the AWAF, or an irule to check the password and drop the request. Or implement a username/password combination on your sms gateway.Cheers,Kees

Forum Discussion

Protecting against DDoS attack

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Explore how F5 BIG-IP Advanced WAF protects against attacks on GraphQL API

Protecting Critical Apps against EastWest Attack

The HTTP/2 CONTINUATION frame attack

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS