DDOS Attacks - Restful Web Services

security rest restful-architecture ddos
Michael Henrique picture Michael Henrique · Jan 18, 2014 · Viewed 16.6k times · Source

Could you please list some strategies or even approaches you have already applied to prevent/protect/minimize DDOS attacks upon Restful Web Services?

Thanks.

Answer

Darrel Miller picture Darrel Miller · Jan 24, 2014

Put a HTTP cache like Squid or Varnish in front of your API and put a small max-age header on any resource that you are concerned about. Even having a max-age of 1 second will prevent your API from being hit more than once per second for that resource.

Related questions

How to secure a REST api between a single page app and a server?

I have 2 servers in place, one is responsible for the front-end application and the user authentication. This server is rendering a single page application coded in javascript. This javascript app is rendering data from a second server through a REST …

Read More
Best Practices for securing a REST API / web service

When designing a REST API or service are there any established best practices for dealing with security (Authentication, Authorization, Identity Management) ? When building a SOAP API you have WS-Security as a guide and much literature exists on the topic. I …

Read More
Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better?

I'm not a security expert by any means, but I favor creating REST-style web services. In creating a new service which needs to have the data it transmits secure. We've entered a debate over which approach is more secure - …

Read More