Restrict access to public service many times

2019-07-16 14:53发布

问题:

I have such situation. Imagine there is a public REST service. What we don't want, is for someone, to be able to access this service many times in short period of time, because they will be able to block our database (essentially a DDOS attack, I presume?).

Is there a way to effectively protect against this type of attack? Technology we use is Spring/Spring Security.

回答1:

If you are using Spring Boot There is a fairly new opensource project which handles this:

https://github.com/weddini/spring-boot-throttling

Declarative approach of throttling control over the Spring services. @Throttling annotation helps you to limit the number of service method calls per java.util.concurrent.TimeUnit for a particular user, IP address, HTTP header/cookie value, or using Spring Expression Language (SpEL).

Obviously this wouldn't prevent DDOS attacks at the web server level, but it would help limit access to long running queries or implement a fair usage policy.