We do not want our example server to be able to be used as a DDOS proxy.
For each API request a user does, we issue a fetch to the third party server in the URL.
This can be used to launch a DDOS attack using our REST server's bandwidth.
Here are a few possible solutions:
Do not a fetch for the same file if the same URL is already being fetched.
Rate limit how many fetches we do to each domain.
Only allow fetching from a domains that is in a whitelist.
We do not want our example server to be able to be used as a DDOS proxy. For each API request a user does, we issue a fetch to the third party server in the URL. This can be used to launch a DDOS attack using our REST server's bandwidth.
Here are a few possible solutions: