=====================================
As an APIary platform, preventing rate limit bypass is crucial to ensure the security and integrity of our system. This page outlines the strategies we employ to mitigate common evasion techniques used by attackers.
IP Rotation
IP rotation involves rapidly switching between multiple IP addresses to evade rate limiting. To prevent this, we use a combination of IP blocking and geolocation-based rate limiting.
import ipaddress
from apiary.utils import get_client_ip
def block_ip(ip):
# Block the IP address for 24 hours
redis_conn.set(f"block:{ip}", "1", ex=86400)
def check_rate_limit(ip):
# Check if the IP is blocked or has exceeded the rate limit
if ipaddress.ip_address(ip) in [banned_ip for banned_ip in redis_conn.smembers("blocked_ips")]:
return False
elif get_client_ip() in [ip for ip, count in redis_conn.zrange("rate_limit", 0, -1, withscores=True)]:
return False
User-Agent Spoofing
User-agent spoofing involves manipulating the User-Agent header to evade rate limiting. We use a combination of machine learning-based techniques and regular expressions to detect and block suspicious User-Agents.
import re
from sklearn import svm
from apiary.utils import get_user_agent
def train_model(user_agents):
# Train an SVM model on labeled user-agents
clf = svm.SVC()
clf.fit([[re.findall(r"\d+", ua) for ua in user_agents]])
def detect_spoofing(user_agent):
# Check if the User-Agent matches a known pattern or is too similar to another
return bool(clf.predict([[re.findall(r"\d+", user_agent)]])[0])
Distributed Attacks
Distributed attacks involve using multiple machines or bots to evade rate limiting. We use a combination of IP blocking, geolocation-based rate limiting, and machine learning-based techniques to detect and block suspicious traffic.
import requests
from apiary.utils import get_client_ip
def check_distributed_attack(ip):
# Check if the IP is part of a known botnet or has made multiple requests from different locations
return bool(requests.get(f"https://api.botcheck.me/v1/check/{ip}").json()["is_bot"]) or \
len([loc for loc in redis_conn.smembers("locations")]) > 5
Layered Defenses
Our rate limit bypass prevention strategy employs a layered defense approach, combining multiple techniques to prevent evasion.
def prevent_bypass(ip, user_agent):
# Check if the IP is blocked or has exceeded the rate limit
if block_ip(ip) or check_rate_limit(ip):
return False
# Check for User-Agent spoofing and detect distributed attacks
if detect_spoofing(user_agent) or check_distributed_attack(ip):
return False
# If all checks pass, allow the request through
return True