5 comments

[ 4.4 ms ] story [ 22.5 ms ] thread
> Unable to contact the client and with support requests pouring in, they blocked the client’s IP address in Expedited WAF.

> Using Expedited WAF, the team temporarily blocked access to the site from China and was able to remain online to their business customers.

Most used feature of Expedited WAF.

Gist is that they provide IP/region block.

> Using Expedited WAF, the team temporarily blocked access to the site from China and was able to remain online to their business customers.

Rest of it is generic API design advice

Yeah recent credential stuffing attacks I witnessed showed that blocking traffic based on AS numbers is very helpful. If your attacker is stupid User-Agent based blocks can be surprisingly effective as well. Beside of that rate-limiting, and if you can, geo blocking can at least slowdown malicious traffic. It's a bit of pity that the internet is no longer a peer2peer network and just client-server. But since you've a lot of server only networks, you can quite safely block them if your API is clients only. You still might see some false positive due a lot of VPN provider traffic. For what it's worth free VPN services now also push a lot of malicious traffic.
(comment deleted)
Definitely a great resource. I think a lot of the information is a bit too general though. Example:

>7) Cross Site Scripting (XSS). What is it: Manipulation of your API to further spread a malicious script. What you should do: Strongly filter all inputs for both corectness[sic] and script components.

I mean...yeah, but you should do this in all things...