How to defend attacks on web API services

The web API service I used to log in to the Android app was attacked.
I queried the attacking user-agent:

Mozilla/5.0 (Linux; U; Android 8.1.0; zh-cn; BLA-AL00 Build/HUAWEIBLA-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/8.9 Mobile Safari/537.36

I tried to block access by this user agent, but normal login requests were blocked at the same time.
May I ask if I set the wrong user agent, or how should I prevent attacks on the web API service?

Hey @7875181,
- 1st of all I’m kindly asking, how did you detect this attack?
- What was the query?
- How did you block access?

I tried to block access by this user agent, but normal login requests were blocked at the same time.

This sounds reasonable, because you blocked the user-agent.
Can you give us more details (a screenshot of the blocking firewall rule)?

how should I prevent attacks on the web API service

Preventing attacks on the web API service is quite the same as preventing attacks on the web application side.

https://www.cloudflare.com/learning/security/threats/owasp-top-10/


The attacker creates many Apache processes by sending POST requests to the API of a specific URL to occupy server resources.
I used rate limiting on this URL but it failed.
It appears that the attacker simply used a large number of IPs to conduct a one-time attack in batches.
The rate-limiting rules cannot effectively prevent such attacks.
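As an added illustration (not code from this thread or from Cloudflare): the Python below replays constructed Apache access-log lines that match the attack described above (many source IPs, one POST each, to the login endpoint) and shows why a per-IP rate limit sees no offender while an aggregate per-endpoint check on the same window does. The path /api/login, the IPs and the log lines are constructed; the attacking User-Agent is the one quoted in the first post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ATTACK_UA = ("Mozilla/5.0 (Linux; U; Android 8.1.0; zh-cn; BLA-AL00 Build/HUAWEIBLA-AL00) "
             "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 "
             "MQQBrowser/8.9 Mobile Safari/537.36")
LOGIN_PATH = "/api/login"  # assumed endpoint name; the thread does not name it

def _line(ip, sec, ua):
    # Constructed Apache combined-format line: one POST to the login API per call.
    return (f'{ip} - - [18/Jan/2020:10:00:{sec:02d} +0000] "POST {LOGIN_PATH} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

# Constructed sample: 300 distinct source IPs, one POST each, spread over one minute,
# plus one legitimate client (192.0.2.10) that logs in three times in the same minute.
LOG_LINES = [_line(f"10.{i // 256}.{i % 256}.1", i // 5, ATTACK_UA) for i in range(300)]
LOG_LINES += [_line("192.0.2.10", s, "MyApp/1.0 (Android 8.1)") for s in (10, 20, 30)]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
                    r' [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def load_records(lines):
    """Parse combined-format lines and return the records sorted by timestamp."""
    recs = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
            recs.append(d)
    return sorted(recs, key=lambda r: r["ts"])

def per_ip_offenders(records, path, limit, window=timedelta(seconds=60)):
    """Classic per-IP limit: IPs sending more than `limit` POSTs to `path` in any window."""
    seen, offenders = defaultdict(deque), set()
    for r in (r for r in records if r["path"] == path and r["method"] == "POST"):
        q = seen[r["ip"]]
        q.append(r["ts"])
        while r["ts"] - q[0] > window:  # drop hits that fell out of the sliding window
            q.popleft()
        if len(q) > limit:
            offenders.add(r["ip"])
    return offenders

def endpoint_pressure(records, path, limit, window=timedelta(seconds=60)):
    """Aggregate limit on the endpoint itself, ignoring source IP.
    Returns (peak POSTs in any window, whether peak > limit, number of distinct IPs)."""
    q, peak, ips = deque(), 0, set()
    for r in (r for r in records if r["path"] == path and r["method"] == "POST"):
        q.append(r["ts"])
        ips.add(r["ip"])
        while r["ts"] - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak, peak > limit, len(ips)
```

With a per-IP limit of 5 per minute no address is flagged, while the endpoint itself receives 303 POSTs from 301 distinct IPs in the same minute, which is the signal a per-URL (not per-IP) threshold or a challenge on that path would act on.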

OK @7875181, have you tried using the CloudFlare Under Attack mode?

Please try this method, and if you have any issues, just let us know, so we can investigate and try other methods too.
As I see it, at the moment you won’t have any issues while trying to log in to your app.

In the meantime, you haven’t provided details about your:
topology, systems, how exactly you use CloudFlare, network.
Also, I would like to know what exactly you mean by

Can you name the web API? Is it a known service? Is it a custom API?

Try to send us some more information here next time, so we can help you faster.
