DDOS Attacks - Restful Web Services

security rest restful-architecture ddos
Michael Henrique picture Michael Henrique · Jan 18, 2014 · Viewed 16.6k times · Source

Could you please list some strategies or even approaches you have already applied to prevent/protect/minimize DDOS attacks upon Restful Web Services?

Thanks.

Answer

Darrel Miller picture Darrel Miller · Jan 24, 2014

Put a HTTP cache like Squid or Varnish in front of your API and put a small max-age header on any resource that you are concerned about. Even having a max-age of 1 second will prevent your API from being hit more than once per second for that resource.

Related questions

Best Practices for securing a REST API / web service

When designing a REST API or service are there any established best practices for dealing with security (Authentication, Authorization, Identity Management) ? When building a SOAP API you have WS-Security as a guide and much literature exists on the topic. I …

Read More
Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better?

I'm not a security expert by any means, but I favor creating REST-style web services. In creating a new service which needs to have the data it transmits secure. We've entered a debate over which approach is more secure - …

Read More
How to secure RESTful web services?

I have to implement secure RESTful web services. I already did some research using Google but I'm stuck. Options: TLS (HTTPS) + HTTP Basic (pc1oad1etter) HTTP Digest two-legged OAuth a Cookie-based approach client certificates (Tom Ritter and here) Signed …

Read More