Add Rate Limiting for WAF in front of NextJS and Apollo Server

CDLUC3 / dmsp_backend_prototype

The GraphQL (Apollo server) backend for the new DMSP system

0 stars 0 forks source link

Add Rate Limiting for WAF in front of NextJS and Apollo Server #38

Open jupiter007 opened 4 months ago

jupiter007 commented 4 months ago

We want to add Rate Limiting to the Firewall that will be in front of both the NextJS and Apollo Server.

In addition to that, do we want to add any rate limiting middleware to either the auth endpoints or GraphQL endpoints to prevent brute-force attacks, and add "depth-limiting" on GraphQL to prevent DOS attacks?

bofstein commented 4 months ago

Helpful resource: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#dos-prevention

briri commented 1 month ago

Leaving this ticket for the creation of our Web Application Firewall (WAF) which will include it's own rate limiting.

Added other tickets for depth limiting in Apollo Server and rate limiting in Apollo Server