Rate Limiting

Ensuring Security and Availability

Prophaze WAF API supports rate limiting to prevent abuse and ensure the stability and reliability of the API. Rate limiting is used to block malicious bots that adversely affect a web application. It also helps to protect against API overuse by mitigating attacks such as brute-force attacks, DDoS attacks and web scraping. Prophaze uses multiple rate limiting algorithms to deal with fast and slow DDoS attacks. Prophaze WAF API allows you to configure the rate limiting settings according to your needs.



Rate limiting is a process that defines the rate at which consumers can access APIs. It determines the speed at which a consumer can access APIs and is calculated in real time. Administrators and publishers of an API manager can use rate limiting to define the number of API requests per second/minute/hour.

Configuring Rate Limiting in Prophaze WAF API

Developers rate limit their APIs with Prophaze WAF to improve their application's security and performance. To ensure availability and protect against abuse, it is possible to set API usage limits. With Prophaze WAF, you can add rate limits to API resources for the SLA plans. Once the API exceeds the rate limit, the subscriber gets a Status 429 message in the response header. The Status 429 message indicates that the rate limit has been exceeded.

API throttling allows you to control the way an API is used. Throttles indicate a temporary state and are used to control the data that clients can access through an API. When a throttle is triggered, you can disconnect a user or just reduce the response rate. You can define a throttle at the application, API or user level.
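
The sketch below is an added illustration, not Prophaze code or configuration: it shows how per-second and per-minute limits applied at the user and API level reject both a fast burst and a slow, sustained overuse with Status 429. The limit values, the `RateLimiter` class and the request timestamps are hypothetical and constructed for the example.

```python
import math

# Hypothetical limits per scope: (window in seconds, max requests per window).
# The short window stops fast bursts; the long one stops slow, sustained overuse.
LIMITS = {
    "user": [(1, 5), (60, 100)],
    "api": [(1, 50), (3600, 20000)],
}


class RateLimiter:
    """Fixed-window counters, one per (scope, identity, window length)."""

    def __init__(self, limits):
        self.limits = limits
        self.state = {}  # (scope, identity, window) -> [window index, count]

    def check(self, now, identities):
        """Return (status, headers): 200 if allowed, 429 plus Retry-After if not."""
        # identities maps scope to caller, e.g. {"user": "alice", "api": "/orders"}
        touched = []
        for scope, ident in identities.items():
            for window, max_requests in self.limits.get(scope, []):
                index = int(now // window)
                key = (scope, ident, window)
                counter = self.state.get(key)
                if counter is None or counter[0] != index:
                    counter = self.state[key] = [index, 0]  # new window, reset
                if counter[1] >= max_requests:
                    wait = (index + 1) * window - now
                    return 429, {"Retry-After": str(max(1, math.ceil(wait)))}
                touched.append(counter)
        for counter in touched:  # count the request only if every limit passed
            counter[1] += 1
        return 200, {}


def simulate(limiter, timestamps, identities):
    """Replay constructed request timestamps and collect the status codes."""
    return [limiter.check(t, identities)[0] for t in timestamps]


if __name__ == "__main__":
    limiter = RateLimiter(LIMITS)
    burst = [i / 10 for i in range(7)]         # constructed: 7 requests in 0.6 s
    slow = [60 + i * 0.5 for i in range(120)]  # constructed: 2 req/s for 60 s
    print(simulate(limiter, burst, {"user": "alice", "api": "/orders"}))
    print(simulate(limiter, slow, {"user": "bob", "api": "/orders"}).count(429))
```

The slow client never exceeds the per-second limit, so only the 60-second window catches it; this is why a single short window is not enough against low-rate abuse.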


Protection Against DDoS Attacks and Other Attacks

Prophaze WAF can reduce the load on the website, and it checks for SQLi and XSS attacks at both the network and application layers. DDoS attacks typically entail flooding a server with requests for a brief period of time in an attempt to overwhelm it and make it inaccessible. While individuals come to a website for help, some offenders may work to compromise the application or steal valuable information. These people can also launch a DDoS attack to make the application unavailable.