DoS Prevention and Traffic Protection Mechanisms

Q: Does digiRunner provide built-in DoS (Denial-of-Service) prevention or DDoS mitigation capabilities?

(Keywords: DoS Prevention, DDoS Mitigation, API Rate Limiting, TPS Control, Bot Detection, API Security)

A: Yes. While digiRunner does not have a standalone "DoS Button," it employs a multi-layered defense system designed to mitigate abusive traffic, block malicious requests, and ensure high availability under heavy load.

The platform secures your APIs through the following five core mechanisms:

1. Traffic Shaping & Rate Limiting (TPS Control)

This is your primary defense against volumetric attacks.

  • TPS/Node (Transactions Per Second): You can enforce strict rate limits on a per-client basis. The default limit is 10 requests per second, effectively preventing short-term traffic bursts from overwhelming your backend services.

  • API Quotas: Beyond instantaneous limits, you can set long-term caps (e.g., daily limits) to prevent resource exhaustion over time.

2. Automated Bot Detection

Introduced in version 4.2.24, this feature specifically targets and blocks automated bot attacks.

  • User-Agent Filtering: You can configure an "allow list" using regular expressions to validate the User-Agent string.

  • Malicious Script Blocking: This effectively filters out requests from unauthorized scripts or tools that do not match your approved client signatures.
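
The User-Agent allow list described above, as an added Python example (not digiRunner's code or configuration format). The patterns, the AcmeMobile and AcmePartnerSDK client names, the 256-character cap and the check_user_agent function are assumptions made for illustration; the example compares whole-header matching with substring matching.

```python
import re

# Constructed allow list (assumption): two approved client signatures.
ALLOWED_UA_PATTERNS = [
    r"AcmeMobile/\d+\.\d+ \((iOS|Android)\)",
    r"AcmePartnerSDK/2\.\d+",
]
MAX_UA_LENGTH = 256  # cap the input length before any regex runs

_COMPILED = [re.compile(p) for p in ALLOWED_UA_PATTERNS]


def check_user_agent(headers, strict=True):
    """Return (allowed, reason) for one request's headers.

    strict=True requires the whole header to match a pattern (fullmatch).
    strict=False uses substring search and is shown only for comparison.
    """
    # Header names are case-insensitive; normalise before lookup.
    ua = {k.lower(): v for k, v in headers.items()}.get("user-agent")
    if ua is None or not ua.strip():
        return False, "missing-user-agent"
    if len(ua) > MAX_UA_LENGTH:
        return False, "user-agent-too-long"
    for pattern in _COMPILED:
        match = pattern.fullmatch(ua) if strict else pattern.search(ua)
        if match:
            return True, "matched:" + pattern.pattern
    return False, "not-on-allow-list"


# Constructed sample requests (not real traffic).
SAMPLES = [
    {"User-Agent": "AcmeMobile/3.14 (iOS)"},             # approved client
    {"user-agent": "AcmePartnerSDK/2.7"},                # lower-case header name
    {"User-Agent": "python-requests/2.31.0"},            # generic script
    {"User-Agent": "scanner AcmePartnerSDK/2.7 extra"},  # only contains a signature
    {"User-Agent": ""},                                  # empty header
    {},                                                  # header absent
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, check_user_agent(h), check_user_agent(h, strict=False))
```

The User-Agent header is supplied by the client, so an allow list of this kind filters out scripts and tools that were never configured to match; it complements the rate limits in section 1 and the authentication in section 4 rather than replacing them.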

3. High-Performance Resilient Architecture

digiRunner’s underlying infrastructure is built to withstand high-concurrency scenarios.

  • Non-blocking I/O: The platform uses a native multi-tasking, parallel processing architecture to handle peak traffic without creating queue blockages.

  • Auto-scaling: Support for containerized deployments (Docker/Kubernetes) allows API Gateway nodes to dynamically scale out based on real-time traffic demand.

  • Adaptive Caching: Reduces pressure on backend databases by serving responses directly from memory when appropriate.

4. Strict Authentication & Authorization

By enforcing industry-standard protocols—such as OAuth 2.0, OIDC, and API Keys—digiRunner ensures that only authenticated clients can access endpoints, instantly rejecting unauthorized or malicious requests at the gateway level.

5. Real-time Monitoring & Alerting

The system provides continuous monitoring of critical resources (CPU, Memory, Response Time). You can configure alert thresholds to receive immediate notifications via email or LINE, enabling your operations team to react instantly to abnormal traffic patterns or potential attacks.
