Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Prevent REST API spamming on public-facing website

  • 10-07-2015 02:02PM
    #1
    ikoonman
    Registered Users, Registered Users 2 Posts: 250 ✭✭


    What are best practices to prevent SPAMMING of a REST end-point on a public-facing website - say a contact form - which uses AngularJS posting to a Web API end-point?

    I suppose trying to introduce some form of RECAPTCHA may be a solution - although it may be combined with using an AntiForgeryCookie of sorts?

    Any advice would be appreciated.


Comments

  • #2
    Talisman
    Registered Users, Registered Users 2 Posts: 7,208 ✭✭✭Talisman


    Add a Google reCaptcha widget to the form. There are several AngularJS services available to do this, e.g. Google reCaptcha with AngularJS.

    On the server side you could rate limit your API and depending on how technical you want to get you could also firewall the API and blacklist nefarious ip addresses. Dome9 implemented a dynamic blacklist facility on their security service some time ago.


  • #3
    ikoonman
    Registered Users, Registered Users 2 Posts: 250 ✭✭ikoonman


    Talisman wrote: »
    Add a Google reCaptcha widget to the form. There are several AngularJS services available to do this, e.g. Google reCaptcha with AngularJS.

    Brilliant, thanks, that's what I decided to settle on.


Advertisement