Yes, Apigee can detect and block DDoS attacks on APIs in real-time. Here are some of the ways it does this:
Request rate limiting - Apigee can set limits on the number of requests per second that a client can make. If a client exceeds these limits, Apigee can block their requests. This helps mitigate request flooding attacks.
SYN cookie protection - When a client first connects to Apigee, it sends a SYN packet to initiate the TCP connection. Apigee can use SYN cookies to detect abnormal patterns of SYN packets that may indicate a SYN flooding attack. It can then drop suspected attack traffic.
Burst detection - Apigee monitors the request rate of each client in real-time. If it detects an abnormal spike or "burst" in requests from a client, it can immediately block that client to stop an in-progress attack.
Blacklisting - After detecting a DDoS attack, Apigee can automatically blacklist the client's IP address to block any further requests from that source. The blacklist is immediately enforced to stop attack traffic.
Challenge requests - Apigee can challenge incoming API requests to verify they are legitimate before passing them through. It can automatically scale up the use of challenges when a potential DDoS attack is detected.
All of these DDoS detection and mitigation techniques happen in real-time as requests are received by Apigee. So if an attack suddenly starts flooding API requests, Apigee can usually detect and respond to it within seconds to protect the backend API service.
The exact detection speed will depend on the scale and type of attack, as well as the specific Apigee configuration. But in general, Apigee is designed to mitigate DDoS attacks as close to real-time as possible to minimize any impact on API availability and performance.
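The rate limiting, burst detection and blacklisting steps described above can be seen working together in the following Python example, which is added here for illustration and is not Apigee's code or configuration. The `Gateway` class, the thresholds and the client names are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration only; they are not Apigee defaults.
RATE_LIMIT = 5       # requests let through per client per window
BURST_FACTOR = 4     # arrivals above RATE_LIMIT * BURST_FACTOR count as a burst
WINDOW_MS = 1000     # sliding window length
BLOCK_MS = 60_000    # how long a bursting client stays on the blocklist

class Gateway:
    """Per-client sliding-window limiter with burst-triggered blocklisting."""
    def __init__(self):
        self.seen = defaultdict(deque)     # client -> every arrival in the window
        self.allowed = defaultdict(deque)  # client -> arrivals that were let through
        self.blocked_until = {}            # client -> time (ms) the block expires

    def decide(self, client, now_ms):
        """Return 'allow', 'throttle' (over the limit) or 'block' (blocklisted)."""
        if self.blocked_until.get(client, 0) > now_ms:
            return "block"
        seen, allowed = self.seen[client], self.allowed[client]
        for queue in (seen, allowed):      # expire entries older than the window
            while queue and now_ms - queue[0] >= WINDOW_MS:
                queue.popleft()
        seen.append(now_ms)                # rejected requests still count as arrivals
        if len(seen) > RATE_LIMIT * BURST_FACTOR:
            self.blocked_until[client] = now_ms + BLOCK_MS
            return "block"
        if len(allowed) >= RATE_LIMIT:
            return "throttle"
        allowed.append(now_ms)
        return "allow"

def replay(events):
    """Feed (timestamp_ms, client) events through a fresh gateway; tally decisions."""
    gateway = Gateway()
    tally = defaultdict(lambda: defaultdict(int))
    for now_ms, client in sorted(events):
        tally[client][gateway.decide(client, now_ms)] += 1
    return {client: dict(counts) for client, counts in tally.items()}, gateway

# Constructed sample traffic (not real logs): (timestamp in ms, client key).
SAMPLE = (
    [(i * 500, "app-normal") for i in range(20)]           # 2 req/s for 10 s
    + [(2000 + i * 100, "app-chatty") for i in range(20)]  # 10 req/s for 2 s
    + [(3000 + i * 10, "app-flood") for i in range(300)]   # 100 req/s for 3 s
)

if __name__ == "__main__":
    print(replay(SAMPLE)[0])
```

The client that merely exceeds the limit is throttled but keeps getting its allowance each window, while the flooding client is blocklisted 200 ms into its burst and stays blocked until the block expires.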
Hope this helps! Let me know if you have any other questions.