Need help with rate limiting rule setup

Hello everyone! I can’t find the answer to my question, so I decided to ask the community for help.

Some guy decided to send spam through our forms, and to protect against this we have activated and configured a rate limit rule.

But I doubt I set it right.

Information about the completed form is sent by a POST request to the URL: https://website/openapi/v1/sites/57e0e7780cf246f2e541a116/visits/5badc1d60cf2c8baa6323672/actions/7736d70df975f2059e9871ea736b6e94/leads/

In the rule settings, I’ve specified the following URL: website/openapi/v1/sites//leads/

It is necessary for the rule to work on the URL website/openapi/v1/sites//leads/ and not work on this URL: website/openapi/v1/sites/*

The destination URL must contain /leads/

Did I do everything correctly?

Sorry, I forgot to insert code tags. Correct URLs:

Information about the completed form is sent by a POST request to the URL: https://website.com/openapi/v1/sites/57e0e7780cf246f2e541a116/visits/5badc1d60cf2c8baa6323672/actions/7736d70df975f2059e9871ea736b6e94/leads/

In the rule settings, I’ve specified the following URL: website.com/openapi/v1/sites/*/leads/*

It is necessary for the rule to work on the URL website.com/openapi/v1/sites/*/leads/* and not work on this URL: website.com/openapi/v1/sites/*

The destination URL must contain /leads/

I am not all that familiar with rate limiting, and in particular its path matching (so this is rather a stab in the dark), but shouldn't it rather be something like

website.com/openapi/v1/sites/*/visits/*/actions/*/leads/

Again, that's rather a guess. Did you test your pattern and it didn't work?

Also, you want to block that user, not slow him down, don't you? Rate limiting would only slow him down.

Hello, Sandro.

Thank you for your reply.

The pattern website.com/openapi/v1/sites/*/leads/* is working well, but I have doubts about this part of the pattern: */leads/*. If this pattern works on all URLs beginning with website.com/openapi/v1/sites/*, it will be very bad for our budget, because we have a lot of requests to different URLs beginning with website.com/openapi/v1/sites/*.

I wouldn't want to comment on that specific part as I am not familiar enough with the pattern matching in this case.

However, isn't there some common pattern by which you could block the user altogether? That would also reduce your costs. Same or similar IP address for example? Browser?

Unfortunately, this guy cannot be blocked using ip or browser.
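An added example, not part of the thread and not the rate-limiting product's own matcher: it checks which URLs the patterns discussed above would cover. It assumes `*` matches any run of characters (including `/`) and that a pattern must cover the whole host and path; the two non-form URLs and all function names are constructed for illustration.

```python
import re

def pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a wildcard URL pattern into a regex.

    Assumption: '*' matches zero or more characters of any kind, '/' included;
    every other character is literal. The real product may behave differently.
    """
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts))

def rule_applies(pattern: str, url: str) -> bool:
    """True if the pattern covers the whole host+path (scheme and query dropped)."""
    target = re.sub(r"^[a-z]+://", "", url, flags=re.I).split("?", 1)[0]
    return pattern_to_regex(pattern).fullmatch(target) is not None

LEADS_RULE = "website.com/openapi/v1/sites/*/leads/*"     # rule from the thread
BROAD_RULE = "website.com/openapi/v1/sites/*"             # must NOT be the effective scope
STRICT_RULE = "website.com/openapi/v1/sites/*/visits/*/actions/*/leads/"  # suggested in the reply

# Form submission URL quoted in the thread.
FORM_POST = ("https://website.com/openapi/v1/sites/57e0e7780cf246f2e541a116"
             "/visits/5badc1d60cf2c8baa6323672"
             "/actions/7736d70df975f2059e9871ea736b6e94/leads/")
# Constructed URLs standing in for other traffic under /sites/.
OTHER_API = "https://website.com/openapi/v1/sites/57e0e7780cf246f2e541a116/visits/"
LOOKALIKE = "https://website.com/openapi/v1/sites/57e0e7780cf246f2e541a116/leads-export/"

def report():
    """Return (name, leads_rule, broad_rule, strict_rule) match results per URL."""
    urls = (("form POST", FORM_POST), ("other API", OTHER_API), ("lookalike", LOOKALIKE))
    return [(name,
             rule_applies(LEADS_RULE, url),
             rule_applies(BROAD_RULE, url),
             rule_applies(STRICT_RULE, url)) for name, url in urls]

if __name__ == "__main__":
    for name, leads, broad, strict in report():
        print(f"{name:10} leads_rule={leads} broad_rule={broad} strict_rule={strict}")
```

Under these assumptions the literal `/leads/` segment is what keeps the rule off the rest of `/sites/*`; confirm the real behaviour by sending one request to a non-leads URL and checking that the rule's counters do not move.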
