An API developer is improving application code to prevent DDoS attacks. The solution needs to accommodate a large number of API requests coming for legitimate purposes from trustworthy services. Which solution should be implemented?
A. Restrict the number of requests based on a calculation of daily averages. If the limit is exceeded, temporarily block access from the IP address and return a 402 HTTP error code.
B. Implement REST API Security Essentials solution to automatically mitigate limit exhaustion. If the limit is exceeded, temporarily block access from the service and return a 409 HTTP error code.
C. Increase a limit of replies in a given interval for each API. If the limit is exceeded, block access from the API key permanently and return a 450 HTTP error code.
D. Apply a limit to the number of requests in a given time interval for each API. If the rate is exceeded, block access from the API key temporarily and return a 429 HTTP error code.
To prevent DDoS attacks while accommodating legitimate high-volume requests from trusted services, it’s advisable to implement rate limiting. This involves setting a threshold for the number of requests that can be made to an API within a certain time frame. If this limit is exceeded, access should be temporarily blocked, and a 429 HTTP error code (“Too Many Requests”) should be returned. This allows legitimate users to be throttled rather than completely cut off, preserving functionality while protecting against abuse.
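The scheme described above, as an added example that is not part of the original page: a fixed-window limiter that keeps a request budget per API, counts per API key, and answers 429 with a temporary block once the budget is exceeded. The class name, the limit, window and block values, the sample keys and the use of a `Retry-After` header are assumptions made for illustration.

```python
import math
import time
from dataclasses import dataclass


@dataclass
class _State:
    window_start: float
    count: int = 0
    blocked_until: float = 0.0


class ApiKeyRateLimiter:
    """Fixed-window limiter: one budget per API, counted per API key."""

    def __init__(self, limits, window=60.0, block_for=30.0, clock=time.monotonic):
        self.limits = limits        # {api_name: max requests per window} (assumed values)
        self.window = window        # window length in seconds
        self.block_for = block_for  # duration of the temporary block in seconds
        self.clock = clock          # injectable so time can be controlled in tests
        self._state = {}            # (api_key, api_name) -> _State

    def check(self, api_key, api_name):
        """Return (http_status, headers) for one incoming request."""
        now = self.clock()
        st = self._state.setdefault((api_key, api_name), _State(window_start=now))
        if now < st.blocked_until:
            # Still inside the temporary block: tell the client when to retry.
            return 429, {"Retry-After": str(math.ceil(st.blocked_until - now))}
        if now - st.window_start >= self.window:
            st.window_start, st.count = now, 0   # a new window begins
        st.count += 1
        if st.count > self.limits[api_name]:
            # Budget exceeded: block this key on this API only, and start a
            # fresh window when the block ends so the key is not re-blocked at once.
            st.blocked_until = now + self.block_for
            st.window_start, st.count = st.blocked_until, 0
            return 429, {"Retry-After": str(math.ceil(self.block_for))}
        return 200, {}


if __name__ == "__main__":
    # Constructed sample traffic: one key sends five requests in a burst.
    limiter = ApiKeyRateLimiter({"orders": 3})
    for i in range(5):
        print(i + 1, limiter.check("key-demo-1", "orders"))
```

Because the counter is keyed by API key rather than by IP address, one key that exceeds its budget is throttled without affecting other keys calling the same API.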