Hello. How can I protect my web server API? I critically can’t enable the captcha screen, because many clients connect to my api separately. My API uses a desktop application. Traffic needs to be filtered differently.
For example, if I am attacked by requests with non-existent API endpoints, when there are millions of such requests per second - the webserver will not survive no matter how fast it processes each request.
What methods of protection will work for me and how to do it correctly?
I tried to use the Security - DDoS, Ruleset action block with Ruleset sensitivity High setting. Of course Security Level - High.