If you are here, probably, it’s because you are concerned about the stability of your .NET API against Denial-Of-Service (DoS) and Distributed-Denial-of-Service (DDoS) attacks.
In this web you will discover an effective solution to protect your .NET API.
If you limit your API, in general way, to N requests per IP or per user, it is enough for these N requests can be used to constantly impact the same specific heavy function that can severely slow down the entire service.
“Each function of your API must be restricted in a particular way depending on the normal frequency of use and the cost of processing which that function implies for the server, otherwise you are not protecting your API.”
API Protector .NET is a library that allows you to protect your .NET API (MVC, WebApi) (.NET / .NetCore), against DoS and DDoS attacks without effort, in a simple, declarative and maintenable way.
About DoS and DDoS attacks
As you probably know, a Denial-of-Service (DoS) attack consists of consuming the server’s computational resources, thus making the service inaccessible or slow for legitimate users. Take down or, in the best case slow down an API is an easy task. All that is needed is to find any function that performs a heavy task (complex queries to the database, heavy background tasks, etc.), and call it a lot of times in parallel.
For example, if we have the function ‘GetMonthlyReport’, which processes for 5 seconds before giving us the answer, (perhaps taking one of the server cores to a load of 100% for 5 seconds), then it will suffice to call this function several times in parallel to severely slow down the server. If the attacker keeps repeating the attack constantly, we will have an irresponsive service.
But what would happen if from different origins, multiple users made this type of attack at the same time? There we would have a Distributed-Denial-of-Service (DDoS) Attack. It would cause the server to run out of resources and, therefore, the service would be completely inaccessible.
Therefore, if you want to have a service that works, you must protect your API from such common attacks, and this is the purpose of the ‘API Protector .NET’ library.