9👍
You might want to read the following 3 questions over on Security Stack Exchange.
A quick description of the problem:
Possible solutions and limitations of attempting mitigation in software:
And a bit of discussion around commonly used anti-DDoS techniques at the perimeter, rather than the application:
It is really difficult to do at the application level – the earlier in the path you can drop the attack, the better.
4👍
I’d probably aim to deal with DoS at a higher level in the stack. If you’re using Apache, take a look at mod_security. Or maybe a nice set of firewall rules.
Edit: Depending on your situation, you also might want to take a look at a caching server like Varnish. It's a lot harder to DoS you if the vast majority of hits are served by the lightning-quick Varnish before they even reach your regular web server.
1👍
The solution is simple: limit the API with throttling and auth.
The default throttling policy may be set globally, using the DEFAULT_THROTTLE_CLASSES and DEFAULT_THROTTLE_RATES settings.
The quote is from https://www.django-rest-framework.org/api-guide/throttling/#setting-the-throttling-policy
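An added example, not part of the answer above or of Django REST framework's own code: a `settings.py` fragment that sets the global throttling and auth policy, followed by a simplified model of how a per-client "N/period" limit behaves. The settings keys and class paths are DRF's; the rates, the `WindowThrottle` class and its method names are constructed for illustration.

```python
# Added example; rates below are constructed, not recommendations from the page.
REST_FRAMEWORK = {
    # Auth: require an authenticated caller by default.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.TokenAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
    # AnonRateThrottle keys on client IP, UserRateThrottle on the user id.
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {"anon": "20/min", "user": "120/min"},
}

_PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Split 'N/period' into (max_requests, window_seconds)."""
    num, period = rate.split("/")
    return int(num), _PERIODS[period[0]]


class WindowThrottle:
    """Simplified model of a per-client sliding-window limit (hypothetical)."""

    def __init__(self, rate):
        self.limit, self.window = parse_rate(rate)
        self.history = {}  # client key -> timestamps of accepted requests

    def allow(self, key, now):
        # Keep only requests that are still inside the window.
        recent = [t for t in self.history.get(key, []) if t > now - self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.history[key] = recent
        return allowed

    def retry_after(self, key, now):
        """Seconds until the oldest counted request ages out of the window."""
        recent = self.history.get(key, [])
        return max(0.0, recent[0] + self.window - now) if recent else 0.0
```

DRF stores throttle counters in the Django cache, so the limit only holds across workers when that cache is shared between them; the local-memory cache is per-process.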