Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Prevent REST API spamming on public-facing website

  • 10-07-2015 2:02pm
    #1
    Registered Users, Registered Users 2 Posts: 250 ✭✭


    What are best practices to prevent SPAMMING of a REST end-point on a public-facing website - say a contact form - which uses AngularJS posting to a Web API end-point?

    I suppose trying to introduce some form of RECAPTCHA may be a solution - although it may be combined with using an AntiForgeryCookie of sorts?

    Any advice would be appreciated.


Comments

  • Registered Users, Registered Users 2 Posts: 6,289 ✭✭✭Talisman


    Add a Google reCaptcha widget to the form. There are several AngularJS services available to do this, e.g. Google reCaptcha with AngularJS.

    On the server side you could rate limit your API and depending on how technical you want to get you could also firewall the API and blacklist nefarious ip addresses. Dome9 implemented a dynamic blacklist facility on their security service some time ago.


  • Registered Users, Registered Users 2 Posts: 250 ✭✭ikoonman


    Talisman wrote: »
    Add a Google reCaptcha widget to the form. There are several AngularJS services available to do this, e.g. Google reCaptcha with AngularJS.

    Brilliant, thanks, that's what I decided to settle on.


Advertisement