My website is public, but someone has been attacking my website through the limit parameter for a week.
For example:
xxxx.com/api/items/xxx?limit=1000
This will read a large amount of data, and he will send 100 requests at the same time, and my server's CPU utilization will be 100% in an instant, resulting in a server crash.
Please tell me how to solve this situation.
IMO, we don't have any features to limit the API request. But we can implement it - throttle limit in Directus.
A rate limit would be a good thing to add, thoughts @directus/api ?
Looks like we already have rate_limit?
I found this in _example.php:
    'rate_limit' => [
        'enabled' => false, // Enable or disable all rate limiting
        'limit' => 100, // Number of requests allowed...
        'interval' => 60, // ...during this interval (in seconds)
        'adapter' => 'redis', // Where to save the rate limit tmp data
        'host' => '127.0.0.1',
        'port' => 6379,
        'timeout' => 10 // Timeout from API to rate limit storage adapter
    ],
Hahah, oh yeah!! I can't believe I forgot. My brain is still in holiday mode...
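An added illustration, not Directus code and not part of any comment above: a fixed-window request counter using the `limit` and `interval` values from the quoted config, with a dict standing in for the Redis adapter. The fixed-window algorithm, `clamp_page_size`, `MAX_PAGE` and the client address are assumptions made for this sketch; it shows that the 100 simultaneous requests described in the question still fit inside a budget of 100 per 60 seconds, so the threshold has to sit below the burst size and the page size needs its own bound.

```python
import math

# Values taken from the rate_limit block quoted in the thread.
LIMIT = 100      # 'limit': requests allowed per window
INTERVAL = 60    # 'interval': window length in seconds
MAX_PAGE = 200   # assumed cap on the ?limit= query value (not a Directus setting)


class FixedWindowLimiter:
    """Per-client fixed-window counter; the dict stands in for Redis INCR + EXPIRE."""

    def __init__(self, limit=LIMIT, interval=INTERVAL):
        self.limit = limit
        self.interval = interval
        self.counters = {}  # (client, window index) -> count; Redis would expire these

    def allow(self, client, now):
        """Return (allowed, retry_after_seconds) for a request arriving at `now`."""
        window = int(now // self.interval)
        key = (client, window)
        count = self.counters.get(key, 0) + 1
        self.counters[key] = count
        if count <= self.limit:
            return True, 0
        # Rejected: tell the client when the current window ends.
        return False, math.ceil((window + 1) * self.interval - now)


def clamp_page_size(raw, default=20, maximum=MAX_PAGE):
    """Bound the ?limit= value so one request cannot ask for an arbitrarily large page."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return default
    if value < 1:
        return default
    return min(value, maximum)


def simulate_burst(n_requests, limiter, client="203.0.113.7", now=0.0):
    """Constructed scenario: n simultaneous requests from one client; returns how many pass."""
    return sum(1 for _ in range(n_requests) if limiter.allow(client, now)[0])


if __name__ == "__main__":
    print("passed with limit=100:", simulate_burst(100, FixedWindowLimiter()))
    print("passed with limit=10: ", simulate_burst(100, FixedWindowLimiter(limit=10)))
    print("page size for ?limit=1000:", clamp_page_size("1000"))
```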