d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ca14deb4cc9102e088f4d7b86fbcd05abd3d0a0
explorer-monorepo/docs/specs/security/ddos-protection.md

1.2 KiB
Raw Blame History

DDoS Protection Specification

Overview

DDoS protection via WAF, CDN, and rate limiting.

WAF Rules

Rule Categories

1. IP Reputation:

  • Block known malicious IPs
  • Rate limit suspicious IPs

2. Request Patterns:

  • Detect bot patterns
  • Block automated attacks

3. Geographic:

  • Optional geographic restrictions
  • Block high-risk regions

CDN Integration

Provider: Cloudflare Benefits:

  • DDoS mitigation
  • Geographic distribution
  • Caching

Rate Limiting Strategies

Rate Limit Levels

Per IP: 100 requests/minute Per API Key: Based on tier Per Endpoint: Varies by endpoint complexity

Implementation

Method: Token bucket or sliding window Storage: Redis for distributed rate limiting Headers: Rate limit headers in responses

IP Blocking and Whitelisting

Blocking

Automatic: Block IPs exceeding rate limits Manual: Admin can block specific IPs Temporary: Auto-unblock after cooldown period

Whitelisting

Use Case: Known good IPs (partners, internal) Implementation: Bypass rate limits for whitelisted IPs

References

  • API Gateway: See ../api/api-gateway.md
  • Security Architecture: See security-architecture.md
Reference in New Issue View Git Blame Copy Permalink