16

What are the best practices in Django to detect and prevent DoS attacks? Are there any ready-to-use apps or middleware available which prevent website access and scans by bots?

Software Enthusiastic
    I guess you should just code by Django standards and use the latest version. Also, DDoS attacks usually exploit the web server/machine and not the web framework involved in creating the website. – BrainStorm Jul 31 '11 at 14:24

3 Answers

9

You might want to read the following 3 questions over on Security Stack Exchange.

A quick description of the problem:

Possible solutions and limitations of attempting mitigation in software:

And a bit of discussion around commonly used anti-DDoS techniques at the perimeter, rather than the application:

It is really difficult to do at the application level - the earlier in the path you can drop the attack, the better.

Rory Alsop
4

I'd probably aim to deal with DoS at a higher level in the stack. If you're using Apache, take a look at mod_security. Or maybe a nice set of firewall rules.

Edit: Depending on your situation, you also might want to take a look at a caching server like Varnish. It's a lot harder to DoS you, if the vast majority of hits are served by the lightning quick Varnish before they even reach your regular web server.

Eli
1

The solution is simple: limit the API with throttling and auth.

The default throttling policy may be set globally, using the DEFAULT_THROTTLE_CLASSES and DEFAULT_THROTTLE_RATES settings.

The quote is from https://www.django-rest-framework.org/api-guide/throttling/#setting-the-throttling-policy

B--rian
    Welcome to SO! We appreciate your input, but please edit your answer so that it (1) relates to the question, (2) quotes the most important parts from the linked resource, (3) explains the solution. For more hints see https://stackoverflow.com/help/how-to-answer – B--rian Aug 11 '19 at 21:18
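
An added example, not part of any answer above and not Django REST framework's own code: the settings fragment that the quoted sentence about DEFAULT_THROTTLE_CLASSES and DEFAULT_THROTTLE_RATES refers to, followed by a simplified in-memory model of the sliding-window check that a rate string such as 20/min implies. The rate values, SlidingWindowThrottle and its methods are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Fragment for settings.py; the rates are sample values, not recommendations.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {"anon": "20/min", "user": "1000/day"},
}

PERIOD_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn '20/min' into (20, 60): allowed requests and window in seconds."""
    count, period = rate.split("/")
    return int(count), PERIOD_SECONDS[period[0]]


class SlidingWindowThrottle:
    """Hypothetical in-memory model: one timestamp queue per client key."""

    def __init__(self, rate, clock=time.monotonic):
        self.limit, self.window = parse_rate(rate)
        self.clock = clock
        self.hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        hits = self.hits[key]
        # Forget requests that have aged out of the window.
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over the limit; rejected requests are not recorded
        hits.append(now)
        return True

    def retry_after(self, key):
        """Seconds until the oldest recorded request leaves the window."""
        hits = self.hits[key]
        if len(hits) < self.limit:
            return 0.0
        return max(0.0, hits[0] + self.window - self.clock())
```

Per-process state like this does not hold across several worker processes; the throttle classes shipped with Django REST framework keep their counters in Django's cache backend instead.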