by giu 1786 days ago
> I don't think I'd add it there, isn't it handled by firewall / infrastructure rather than the app directly?

Although most DDoS attacks happen on layers 3, 4, and 6 of the OSI model, your application still has to be hardened against resource exhaustion and other DDoS attacks.

For example, if you have a REST endpoint that starts a complex query which might return a large result given some specific query parameters (e.g. your limit parameter is not bound, so I can set limit=1000000), running 10000 requests against it from different hosts (malicious or not) may bring down your database server.

1 comments

You're right, thanks for reminding
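
Added example, not part of the thread or written by either commenter: one way to bound the `limit` parameter from giu's REST endpoint scenario, so that `limit=1000000` costs the database no more than a normal page. The `items` table, the `after` cursor parameter, and the values of `DEFAULT_LIMIT` and `MAX_LIMIT` are assumptions made for the illustration.

```python
import sqlite3

DEFAULT_LIMIT = 50   # assumed page size when the client sends no limit
MAX_LIMIT = 200      # assumed hard server-side ceiling per request

class BadRequest(ValueError):
    """Would map to an HTTP 400 in a real handler."""

def parse_uint(raw, name):
    """Accept only short ASCII digit strings, so int() and SQLite cannot overflow."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise BadRequest(f"{name} must be a non-negative integer")
    return int(raw)

def parse_limit(raw):
    """Validate the client-supplied limit and clamp it to MAX_LIMIT."""
    if raw is None or raw == "":
        return DEFAULT_LIMIT
    value = parse_uint(raw, "limit")
    if value < 1:
        raise BadRequest("limit must be at least 1")
    return min(value, MAX_LIMIT)

def list_items(conn, params):
    """Keyset-paginated listing: rows read per request never exceed MAX_LIMIT + 1."""
    limit = parse_limit(params.get("limit"))
    after = parse_uint(params.get("after", "0"), "after")
    rows = conn.execute(
        "SELECT id, name FROM items WHERE id > ? ORDER BY id LIMIT ?",
        (after, limit + 1),  # one extra row reveals whether another page exists
    ).fetchall()
    page = rows[:limit]
    next_after = page[-1][0] if len(rows) > limit else None
    return {"items": page, "next_after": next_after}

def make_demo_db(n=1000):
    """Constructed sample data: n rows in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items (name) VALUES (?)",
                     ((f"item-{i}",) for i in range(n)))
    return conn

if __name__ == "__main__":
    db = make_demo_db()
    out = list_items(db, {"limit": "1000000"})
    print(len(out["items"]), out["next_after"])  # page is capped at MAX_LIMIT
```

The cap bounds the cost of a single request only; the many-requests case in the comment still needs rate limiting or a query timeout in front of the database.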