bcgov / met-public

Modern Engagement Tool ops
Apache License 2.0

Implement API Rate Limiting #1511

Open tiagografiti opened 1 year ago

tiagografiti commented 1 year ago

- Implement overall rate limiting on OpenShift routes
- Implement a more restrictive rate limiting using Flask-Limiter on public routes (email signup)

tiagografiti commented 1 year ago

Flask-Limiter might be a good option for limiting access to one specific endpoint; we can make this very strict (only 5 hits per minute per IP address on the email notification endpoint). There are a few drawbacks to that, for example if more than one person is trying to connect to a survey using the same network (their public IP address would be the same). https://flask-limiter.readthedocs.io/en/stable/index.html Effort is Low (Small).

While the route configuration on OpenShift would be an API-wide configuration, more about a full-on site attack, we can set a more forgiving threshold of about 1000 requests a minute for the entire site. https://docs.openshift.com/container-platform/4.9/networking/routes/route-configuration.html Effort is Low (Small).
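The two tiers discussed in both comments above, as an added example that is not met-public code: a strict per-IP limit on the email notification endpoint and a forgiving site-wide limit in front of it, modelled with an in-memory sliding window rather than Flask-Limiter or the OpenShift route annotations (Flask-Limiter's equivalent would be `@limiter.limit("5 per minute")` keyed by `get_remote_address`). The path `/email-notification`, the IP addresses and the timestamps are constructed; the shared-NAT case shows the drawback raised in the first comment.

```python
from collections import defaultdict, deque

# Limits taken from the discussion: 5/min per client IP on the email endpoint,
# 1000/min for the whole site regardless of client.
EMAIL_ENDPOINT_LIMIT = (5, 60)    # (requests, window seconds), keyed per IP
SITE_WIDE_LIMIT = (1000, 60)      # (requests, window seconds), one shared key
EMAIL_PATH = "/email-notification"  # constructed path, not the project's route


class SlidingWindowLimiter:
    """Keeps request timestamps per key; rejects once the window holds `limit`."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False          # rejected requests do not consume budget
        q.append(now)
        return True


class Gateway:
    """Site-wide check first (the edge/route tier), then the per-endpoint tier."""

    def __init__(self):
        self.site = SlidingWindowLimiter(*SITE_WIDE_LIMIT)
        self.email = SlidingWindowLimiter(*EMAIL_ENDPOINT_LIMIT)

    def handle(self, path, client_ip, now):
        """Return (status, reason); 429 mirrors HTTP Too Many Requests."""
        if not self.site.allow("site", now):
            return 429, "site-wide limit"
        if path == EMAIL_PATH and not self.email.allow(client_ip, now):
            return 429, "per-ip endpoint limit"
        return 200, "ok"


if __name__ == "__main__":
    gw = Gateway()
    # Two people behind one NAT (same public IP) each try three signups:
    # the sixth request is refused even though it is a different person.
    for t in range(6):
        print(t, gw.handle(EMAIL_PATH, "203.0.113.7", float(t)))
```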