
Remote throttling

Open gsproston-scottlogic opened this issue 2 years ago • 3 comments

May have to throttle user activity once the app is deployed.

gsproston-scottlogic, Sep 14 '23 08:09

AWS ECS can do this for us. Additionally, CloudFront and/or API Gateway have throttling and other security measures we can enable.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html

chriswilty, Oct 10 '23 08:10

This is now low priority, as our application is secured via Cognito auth. We would be able to spot bad actors via login names, although we will need to ensure the API layer (maybe load balancer?) logs username with each request, and configure that if currently missing.

chriswilty, Jul 26 '24 10:07

Update

We are now logging username on successful token verification, which happens on every request to our API: these pass through CloudFront, as direct access to the load balancer is blocked.

We may wish to restrict unauthorized and authorized requests by applying throttling.

chriswilty, Aug 16 '24 15:08