API request rejection should be based on response code as well

While coming up with the Lack of Resources and Rate Limiting DC article for F5 XC, I came across a situation where a user should be rate limited based on invalid authentication credentials for the requested resources. We have the feature to rate limit the user based on the number of requests per minute. Along with that, if we had the feature to identify the response code (401 Unauthorized) while trying to enter the credentials of a login, it would be a better way to enhance the security of the system. On 3 consecutive Unauthorized logins, the specific user could be blocked for the next 1 hour. This would even filter out the number of validation attempts or different combinations of passwords tried out to log in to the server.

  • Guest
  • Oct 26 2022
Mesh / API
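The policy the post asks for, written out as an added example that is not part of the post or of any F5 XC feature: a gateway-side tracker that counts consecutive 401 responses per client and blocks that client for one hour once three are seen, resetting the streak on a successful login. The class, function names and the sample event list are all my own constructions; the clock is injectable so the block expiry can be checked deterministically.

```python
import time
from dataclasses import dataclass


@dataclass
class ClientState:
    consecutive_failures: int = 0   # 401s seen since the last successful login
    blocked_until: float = 0.0      # epoch seconds; 0.0 means not blocked


class AuthFailureLimiter:
    """Block a client after max_failures consecutive 401 responses for block_seconds."""

    def __init__(self, max_failures=3, block_seconds=3600, clock=time.time):
        self.max_failures = max_failures
        self.block_seconds = block_seconds
        self.clock = clock          # injectable for deterministic tests (hypothetical)
        self.state = {}             # client_id -> ClientState

    def is_blocked(self, client_id):
        st = self.state.get(client_id)
        if st is None:
            return False
        if st.blocked_until and self.clock() >= st.blocked_until:
            # Block has expired: clear it and start counting afresh.
            self.state[client_id] = ClientState()
            return False
        return st.blocked_until > 0

    def record_response(self, client_id, status_code):
        """Feed the upstream status code of one request; return True when the
        client is blocked and further requests should be rejected at the edge."""
        if self.is_blocked(client_id):
            return True
        st = self.state.setdefault(client_id, ClientState())
        if status_code == 401:
            st.consecutive_failures += 1
            if st.consecutive_failures >= self.max_failures:
                st.blocked_until = self.clock() + self.block_seconds
                return True
        elif 200 <= status_code < 300:
            st.consecutive_failures = 0   # a successful login clears the streak
        # Other codes (403, 5xx, ...) neither count toward nor reset the streak.
        return False


def replay(events, limiter):
    """Replay (client_id, status_code) pairs and return the block decision for each."""
    return [limiter.record_response(client, status) for client, status in events]


# Constructed sample traffic: "alice" fails three times, then is rejected even on a 200.
SAMPLE_EVENTS = [("alice", 401), ("alice", 401), ("bob", 200), ("alice", 401), ("alice", 200)]
```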