Good day all,
I have been reading through the API shield docs today and a bunch of questions came to mind.
Is there anything additional I would need to do in order to defend a /graphql endpoint using API shield, or should I just treat it the same as I would any other endpoint?
Could I make use of Volumetric Abuse Detection to help defend a /graphql endpoint the same as if I were attempting to protect a /reset-password or /login page?
Do others have examples of how they go about utilizing Cloudflare to defend their graphql endpoint?
Don’t mean to bump my own thread, but after reading through the docs I came up with this as an initial rule to block malicious traffic:
(http.request.uri.path eq "/graphql" and http.request.method eq "POST" and cf.threat_score gt 40) or (http.request.method eq "GET" and http.request.uri.query contains "mutation" and cf.threat_score gt 40)
According to the docs
"Represents a Cloudflare threat score from 0–100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
It is rare to see values above 60. A common recommendation is to challenge requests with a score above 10 and to block those above 50."
So it seems that setting cf.threat_score to be greater than 40 would be a good place to start.
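Added example, not from the original post or from Cloudflare: a small Python model of the expression posted above, run over constructed sample requests so the rule's behaviour can be checked before it goes into a custom rule. The field names mirror the Cloudflare expression fields (path, method, query string, threat score); the `Request` class, the sample requests and the `summarize` helper are assumptions for this illustration only. The model treats `contains` as case-sensitive, as the Cloudflare operator does.

```python
# Added example (not from the original thread or Cloudflare): model the posted
# firewall expression in plain Python and run it over constructed requests.
#
#   (http.request.uri.path eq "/graphql" and http.request.method eq "POST"
#        and cf.threat_score gt 40)
#   or (http.request.method eq "GET" and http.request.uri.query contains "mutation"
#        and cf.threat_score gt 40)

from dataclasses import dataclass

THREAT_THRESHOLD = 40  # "cf.threat_score gt 40" in the posted rule (strictly greater)


@dataclass(frozen=True)
class Request:
    """Minimal stand-in for the Cloudflare request fields the rule reads (assumed shape)."""
    path: str          # http.request.uri.path
    method: str        # http.request.method
    query: str         # http.request.uri.query (raw query string, no leading '?')
    threat_score: int  # cf.threat_score


def matches_rule(req: Request) -> bool:
    """Return True when the posted expression would fire for this request."""
    high_risk = req.threat_score > THREAT_THRESHOLD

    # First clause: a POST to the GraphQL endpoint from a high-risk source.
    post_to_graphql = req.path == "/graphql" and req.method == "POST" and high_risk

    # Second clause: a GET whose query string carries a mutation, from a high-risk
    # source. Note that this clause has no path condition, so it applies to every
    # path, and that `contains` is case-sensitive (matching Cloudflare's operator).
    get_with_mutation = req.method == "GET" and "mutation" in req.query and high_risk

    return post_to_graphql or get_with_mutation


# Constructed sample traffic covering the edge cases worth checking before deploying.
SAMPLE_REQUESTS = [
    Request("/graphql", "POST", "", 45),                               # block: clause 1
    Request("/graphql", "POST", "", 40),                               # allow: 40 is not > 40
    Request("/graphql", "GET", "query=mutation%7BdeleteUser%7D", 41),  # block: clause 2
    Request("/api/items", "GET", "query=mutation", 50),                # block: clause 2 ignores path
    Request("/graphql", "GET", "query=Mutation%7Bping%7D", 60),        # allow: case-sensitive match
    Request("/graphql", "POST", "", 5),                                # allow: low threat score
]


def summarize(requests) -> dict:
    """Count how many of the given requests the rule would block versus allow."""
    counts = {"block": 0, "allow": 0}
    for req in requests:
        counts["block" if matches_rule(req) else "allow"] += 1
    return counts


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = "block" if matches_rule(req) else "allow"
        print(f"{verdict:5}  {req.method:4} {req.path}?{req.query}  score={req.threat_score}")
    print(summarize(SAMPLE_REQUESTS))
```

Running it shows two things a quick read of the expression can miss: a score of exactly 40 is allowed because the operator is `gt`, and the second clause fires on any path, not only `/graphql`, because it carries no path condition.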