apinf / platform

Apinf - Open source API management platform with multi proxy and protocol support
https://apinf.com/
European Union Public License 1.1

Study options for DDoS attack prevention #1953

Closed ccsr closed 7 years ago

ccsr commented 8 years ago

Study DDoS attack prevention and mitigation for APInf

Definition of done

There is a DDoS-prevention document created in our docs repository.

as33ms commented 8 years ago

IMHO, this should be done on the server level rather than at the software level.

kyyberi commented 7 years ago

+agreed. Search for existing solutions instead of building one from scratch.

kyyberi commented 7 years ago

A little more information about possible strategies: http://security.stackexchange.com/questions/73369/how-do-major-sites-prevent-ddos

kyyberi commented 7 years ago

CDN is the most reliable approach.

bajiat commented 7 years ago

@jawidahmadi

First of all, thanks for reading a good number of sources for your research. :)

I know your research text has already been merged, but I still have a few comments to make. Sorry for not being able to read the text sooner.

If there is text that is copied from someone else's text, please mark it as a quotation, if it is longer than 3 words. For instance, this snippet of text is copied from one of your sources: "It is a subtle dance and requires a bit more understanding of the application and its flow," If we copy text from others without marking it as a copy (and giving the source), we are plagiarizing.

I'm wondering about this recommendation in a research document for APInf (API management tool): "Consider using AWS API gateway as the second stage for your API requests. AWS API gateway provides filtering, throttling, security, auto-scaling and HA for your API." Maybe @brylie can comment, whether this is an ok recommendation or not. I found this as a recommendation to use another tool.

Based on this research, what levels do you think we should be focusing on and are these some concrete first steps?