authn icon indicating copy to clipboard operation
authn copied to clipboard

Published 20 hours ago verified publisher icon keratin

Throttling for Abusable Endpoints

Open cainlevy opened this issue 9 years ago • 2 comments
trafficstars

Throttling for every endpoint that leaks information about users in the system or can be used to incur costs to the business (e.g. SMS). A well-designed throttling plan should leave normal users unaffected while slowing and eventually auto-banning attackers.

cainlevy avatar Nov 18 '16 22:11 cainlevy

The Rack::Attack middleware could handle this part very well.

ashishpandey001 avatar May 06 '17 01:05 ashishpandey001

Yes, absolutely!

cainlevy avatar May 06 '17 16:05 cainlevy