Backendless Support
 
Answered

Preventing DoS attacks

Hi

My question is: what happens if a person tries to use up my service quota (e.g. by sending lots of API requests to reach my service's API/min limit and bring my app down)?

Is there any firewall on the server to protect us against DoS attackers?

Should I handle them programmatically!?

Thanks

Best Answer

Hi Morteza,

I apologize it took us a while to respond to you. Your question caused us to revisit how we calculate API calls.

When an API call is made for your app, it would be counted as an API call no matter who made it. You would need to use Backendless security to make sure that only authenticated and authorized users can make the API calls. This means that if someone tries to access your backend without authorization, their requests would be denied. As I said, your question made us think that any requests which were denied because of a security permission should not be counted as an API call. We’re planning to introduce that change ASAP.

Regards,

Mark


Comments (4)


No answer? Can't prevent it? There is no way to handle it!?


Thanks a lot for spending time on this problem.

But a small question is still on my mind: if I block non-authenticated and non-authorized users from accessing my backend, how can I register them the first time they request to sign up in my app?! Should I handle registration requests on my own server and not on Backendless?!


Even a non-authenticated user can call registration. This is a special exception.