
Valeri0's avatar

Api Security

Hi, I built a product that offers a public API endpoint to collect data from my users' applications; each of those needs to provide its specific API key.

Sometimes I receive a lot of fake HTTP calls (3/4.000 requests per minute) that tend to fill my server's resources. They are fake, just to keep my server busy.

Actually my solution is to identify these anomalies because my server slows down, and add a "deny [fake-ip]" entry in my .htaccess file.

Instantly the server comes to breathe.

Can I adopt a more scalable strategy to recognize and filter out bad traffic?

0 likes
4 replies
Snapey's avatar

You can rate limit requests, but I don't know anything about your application to know if this will impact genuine traffic.

The other way to look at it is if someone tries the wrong API key a number of times then ban them. Your genuine clients should not keep trying the wrong key after all.

Valeri0's avatar

Hi, this was my thought too. I supposed that rate limiting could discard the fake traffic, but it's not the case. When API rate limiting starts to work, the web server is still involved in responding to the HTTP request.

That's why my server's resources are still filled and I need to block the IP in the .htaccess file.

Snapey's avatar

You could also look at a front-end filter like Cloudflare?
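An added example, not part of the thread: one way to automate the manual step described above by scanning the access log for IPs that exceed a per-minute request count or repeatedly fail the API key check, then rendering a block list that the web server enforces before the application runs. It assumes Apache common/combined log format, Apache 2.4 `Require` syntax, that a wrong key is answered with status 401, and constructed thresholds and sample log lines.

```python
import re
from collections import Counter

# Apache common/combined log prefix: client IP, timestamp, request line, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def offenders(lines, max_per_min=600, max_bad_key=20):
    """Return {ip: reason} for IPs over either threshold (assumed values)."""
    per_min, bad_key = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, ts, status = m.groups()
        per_min[(ip, ts[:17])] += 1  # "dd/Mon/yyyy:HH:MM" is the minute bucket
        if status == "401":  # assumption: the API answers 401 to a wrong key
            bad_key[ip] += 1
    flagged = {}
    for (ip, minute), n in per_min.items():
        if n > max_per_min:
            flagged[ip] = f"{n} requests in minute {minute}"
    for ip, n in bad_key.items():
        if n > max_bad_key:
            flagged.setdefault(ip, f"{n} responses with status 401")
    return flagged

def deny_block(flagged):
    """Render an Apache 2.4 access-control block for the flagged IPs."""
    out = ["<RequireAll>", "    Require all granted"]
    for ip, why in sorted(flagged.items()):
        # Apache comments must sit on their own line
        out += [f"    # {why}", f"    Require not ip {ip}"]
    return "\n".join(out + ["</RequireAll>"])

def sample_log():
    """Constructed sample: one flood, one wrong-key guesser, one normal client."""
    fmt = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "POST /api/collect HTTP/1.1" {st} 0'
    flood = [fmt.format(ip="203.0.113.7", s=i % 60, st=200) for i in range(700)]
    guess = [fmt.format(ip="198.51.100.9", s=i, st=401) for i in range(25)]
    normal = [fmt.format(ip="192.0.2.10", s=i, st=200) for i in range(30)]
    return flood + guess + normal

if __name__ == "__main__":
    print(deny_block(offenders(sample_log())))
```

The thresholds need tuning against what genuine clients send, since a busy legitimate integration behind one IP can exceed a low per-minute limit.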
