On the API8 "how to prevent" section, rate limiting should be specified; there are 2 kinds of rate limiting in practice:
application rate limit (API / software level)
(for instance, if a node of your API can't handle more than X requests per minute, you could rate limit globally to X requests per minute on all endpoints of the API)
Quote From Neil Madden:
Even if you enforce rate-limiting at a proxy server, it is good security practice to also enforce rate limits in each server so that if the proxy server misbehaves or is misconfigured, it is still difficult to bring down the individual API servers. This is an instance of the general security principle known as defense in depth, which aims to ensure that no failure of a single mechanism is enough to compromise your API.