BossMan Comments - Answer Overflow

Topics

BossMan

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

(with captcha)

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

this is my first time protecting api, will take a look

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

yes that would reduce my cost too, thank you so much. i will look into implementing it

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

so in the backend before i do expensive computing i call CF api to verify the token and proceed right?

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

ah that's a good idea thanks

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

will try that

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

increasing my cost drastically

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

it does, the scale of attack is 10x more than my usual load

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

im manually blacklisting ip or blocking bassed on UA

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

as of now they're spamming my unauthenticated search api from various different ips using random length strings

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

oh but im not sure why only domain.com requests contains the cookie and not my api.domain.com

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

yes but my domain.com cannot send cookies of api.domain.com right? that's the problem

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

is there no way to mitigate this?

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

im really stuck, my search api is being abused using multiple random queries which i can't validate as well. im only manually blocking the attack by using some common patterns i find, this could trigger false positives as well

32 replies

CDCloudflare Developers

•Created by BossMan on 10/5/2024 in #general-help

protecting my api subdomain

preflight can be whitelisted when the request method is OPTIONS right?

32 replies