0

I am developing a web application using WebApi and AngularJS. My application is a public classified web site where a lot of URLs are public. My question: what if someone writes a very simple infinite loop and starts hitting my server like:

<script type="text/javascript">

    $(function () {

        while (true) {
            $.get("https://MyPublicURL", function (data) {
            });
        };
    });

</script>

It will make my expensive server serve unnecessary requests for no reason. What are the best practices to avoid such a situation?

Usman Khalid
  • This is known as a DOS (denial of service) attack; when someone makes so many requests that your webserver hangs. It is more of a server setup / IT question – mortb Mar 28 '17 at 10:02
  • You may google denial of service attack – Shiping Mar 28 '17 at 10:02
  • 1
    Fundamentally, you can't stop DOS attacks. You can mitigate on the server by something like rate-limiting: http://stackoverflow.com/questions/20817300/how-to-throttle-requests-in-a-web-api (or https://github.com/stefanprodan/WebApiThrottle), but all this really means is that you can answer the "bad" requests with low computational complexity, not prevent them. For heavier DOS/DDOS, your service provider will need to be involved (perhaps by null-routing the miscreants). – spender Mar 28 '17 at 10:03
  • Thanks, I was searching for the answer for so many days, Just did not know that it is called Denial of Service. Thanks! I will search from here now. – Usman Khalid Mar 28 '17 at 10:04

2 Answers

1

There are some services you can use to mitigate DoS attacks; probably one of the most well known and easy to start with is CloudFlare: https://www.cloudflare.com/ddos/

The basic tier is free and affords some protection, so you can just try it out and see if it suits you.

There are some things you can do yourself to mitigate simple attacks such as the one in your example, but more complicated attacks (DDoS etc) need to be handled from outside.

Alex Paven
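The single-client loop from the question is the kind of simple case that server-side rate limiting, as mentioned in the comments, can answer cheaply. The following is an added example, not code from the posts above or from WebApiThrottle: a per-client token bucket written as an ASP.NET Web API 2 message handler. The class name `ThrottleHandler`, the limits, and IIS hosting (which supplies the `MS_HttpContext` property) are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Hypothetical handler (added example): per-client token bucket, in-memory, per process.
public class ThrottleHandler : DelegatingHandler
{
    private const double Capacity = 20;     // allowed burst size (assumed value)
    private const double RefillPerSec = 5;  // sustained requests per second (assumed value)

    private sealed class Bucket { public double Tokens = Capacity; public DateTime Last = DateTime.UtcNow; }
    private static readonly ConcurrentDictionary<string, Bucket> Buckets =
        new ConcurrentDictionary<string, Bucket>();

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var bucket = Buckets.GetOrAdd(ClientKey(request), _ => new Bucket());
        bool allowed;
        lock (bucket)
        {
            var now = DateTime.UtcNow;
            // Refill in proportion to elapsed time, never above Capacity.
            bucket.Tokens = Math.Min(Capacity,
                bucket.Tokens + (now - bucket.Last).TotalSeconds * RefillPerSec);
            bucket.Last = now;
            allowed = bucket.Tokens >= 1;
            if (allowed) bucket.Tokens -= 1;
        }
        if (allowed) return base.SendAsync(request, cancellationToken);

        // Reject before routing, model binding or database work is done.
        var response = request.CreateResponse((HttpStatusCode)429); // 429 Too Many Requests
        response.Headers.RetryAfter = new RetryConditionHeaderValue(TimeSpan.FromSeconds(1));
        return Task.FromResult(response);
    }

    private static string ClientKey(HttpRequestMessage request)
    {
        // Behind a proxy or CDN this is the proxy's address, not the end client's.
        object ctx;
        if (!request.Properties.TryGetValue("MS_HttpContext", out ctx)) return "unknown";
        return ((HttpContextBase)ctx).Request.UserHostAddress ?? "unknown";
    }
}
```

Register it with `config.MessageHandlers.Add(new ThrottleHandler());` in the Web API configuration. The bucket table here is never evicted and is not shared between servers, so a real deployment would expire idle entries and keep the counters in a shared store.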
0

3Scale also provides an API usage limitation feature. Refer: https://www.3scale.net/api-management/rate-limits/

Jignesh Variya