JustJozef
Oct 07, 2022

API endpoints brute force protection/rate limiting

Hello,

I would like to know how to protect API endpoints and if it's possible at all. Let's say that I want to define some "brute force protection" for API endpoints but they are not login pages. There is no username/password. I will add some use cases below.

1. Specific API endpoint - /api/this_is_a_single_endpoint/do_something.

I want to define X requests for IP or user during X minutes and then block for X minutes.

As a workaround I can create virtual and positional parameters and "force" a specific endpoint to be a login page. This works but it's not a nice solution.

2. API endpoints with wildcard - /api/*

Let's say that I want to achieve the same - X requests for IP or user during X minutes and then block for X minutes. Is there any way to do it?

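The counting logic both use cases ask for (X requests per client in a window, then a block period), written out as an added, product-neutral Python sketch that is not part of the original post and is not any vendor's configuration. The `Rule` and `EndpointLimiter` names, the thresholds and the client addresses are assumptions chosen for illustration.

```python
import fnmatch
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    pattern: str       # exact path, or a wildcard such as /api/*
    max_requests: int  # requests allowed inside one window
    window_s: int      # counting window, in seconds
    block_s: int       # block duration once the limit is exceeded

class EndpointLimiter:
    def __init__(self, rules):
        self.rules = list(rules)        # ordered: first matching rule wins
        self.hits = defaultdict(deque)  # (pattern, client) -> request times
        self.blocked_until = {}         # (pattern, client) -> unblock time

    def match(self, path):
        # Normalize the path (case, duplicate slashes) before calling this,
        # otherwise /API//x would not be counted against the /api/* rule.
        for rule in self.rules:
            if fnmatch.fnmatchcase(path, rule.pattern):
                return rule
        return None

    def allow(self, client, path, now):
        """client is a source IP or a user id; now is a timestamp in seconds."""
        rule = self.match(path)
        if rule is None:
            return True                 # path is not covered by any rule
        key = (rule.pattern, client)
        if now < self.blocked_until.get(key, 0):
            return False                # still inside the block period
        q = self.hits[key]
        while q and q[0] <= now - rule.window_s:
            q.popleft()                 # forget requests older than the window
        q.append(now)
        if len(q) > rule.max_requests:
            self.blocked_until[key] = now + rule.block_s
            q.clear()
            return False
        return True

# Constructed thresholds: the specific endpoint is listed before the wildcard.
RULES = [Rule("/api/this_is_a_single_endpoint/do_something", 3, 60, 300),
         Rule("/api/*", 5, 60, 120)]

def simulate(events, rules=RULES):
    limiter = EndpointLimiter(rules)
    return [limiter.allow(c, p, t) for c, p, t in events]
```

Counters are kept per rule and per client, so a client blocked on the single endpoint is still counted separately under the `/api/*` rule.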