DoS Prevention and Traffic Protection Mechanisms

Q: Does digiRunner provide built-in DoS (Denial-of-Service) prevention or DDoS mitigation capabilities?

A: Yes. While digiRunner does not provide a single, standalone “DoS button,” it implements a multi-layered defense architecture designed to mitigate abusive traffic, block malicious requests, and maintain high availability under heavy load.

digiRunner protects APIs through the following five core mechanisms:

  1. Traffic Shaping and Rate Limiting (TPS Control)

    This mechanism serves as the primary defense against volumetric attacks.

    • TPS/Node (Transactions Per Second): Administrators can enforce strict rate limits on a per-client basis. The default limit is 10 requests per second, which helps prevent short-term traffic bursts from overwhelming backend services.

    • API Quotas: In addition to instantaneous limits, long-term request caps (for example, daily quotas) can be configured to prevent resource exhaustion over time.

  2. Automated Bot Detection

    Introduced in version 4.2.24, this feature is designed to identify and block automated bot traffic.

    • User-Agent Filtering: Administrators can configure allow lists using regular expressions to validate incoming User-Agent headers.

    • Malicious Script Blocking: Requests originating from unauthorized scripts or tools that do not match approved client signatures are automatically rejected.

  3. High-Performance and Resilient Architecture

    digiRunner is built to operate reliably under high-concurrency conditions.

    • Non-blocking I/O: A native multi-tasking, parallel-processing architecture enables the platform to handle peak traffic without introducing request queue bottlenecks.

    • Auto-scaling: Support for containerized deployments (Docker and Kubernetes) allows gateway nodes to scale dynamically based on real-time traffic demand.

    • Adaptive Caching: Frequently accessed responses can be served directly from memory, reducing load on backend databases.

  4. Strict Authentication and Authorization

    By enforcing industry-standard security protocols such as OAuth 2.0, OpenID Connect (OIDC), and API keys, digiRunner ensures that only authenticated clients can access protected endpoints. Unauthorized or malicious requests are rejected at the gateway level.

  5. Real-Time Monitoring and Alerting

    The platform continuously monitors critical system metrics, including CPU usage, memory consumption, and response time. Configurable alert thresholds allow notifications to be sent via email or LINE, enabling operations teams to respond promptly to abnormal traffic patterns or potential attacks.
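
The per-client TPS limit and API quota from mechanism 1 can be sketched as follows. This is an added example, not digiRunner code: the fixed one-second window, the HTTP 429 response, the `ClientLimiter` and `replay` names, and the quota value are assumptions, and only the default of 10 requests per second comes from the text above.

```python
from collections import defaultdict

TPS_LIMIT = 10        # default stated on this page: 10 requests per second per client
DAILY_QUOTA = 50_000  # constructed value; the page gives no quota figure


class ClientLimiter:
    """Per-client fixed one-second TPS window plus a per-day request quota."""

    def __init__(self, tps=TPS_LIMIT, daily_quota=DAILY_QUOTA):
        self.tps = tps
        self.daily_quota = daily_quota
        self.second = defaultdict(lambda: (None, 0))  # client -> (epoch second, count)
        self.day = defaultdict(lambda: (None, 0))     # client -> (epoch day, count)

    def check(self, client_id, now):
        """Return (status, retry_after_seconds) for a request arriving at `now`."""
        sec, day = int(now), int(now // 86400)
        day_key, day_count = self.day[client_id]
        if day_key != day:
            day_count = 0  # new day: the long-term counter starts over
        if day_count >= self.daily_quota:
            # Quota exhausted: reject until the next day boundary.
            return 429, (day + 1) * 86400 - sec
        sec_key, sec_count = self.second[client_id]
        if sec_key != sec:
            sec_count = 0  # new second: the burst counter starts over
        if sec_count >= self.tps:
            # Burst above the TPS limit; rejected requests do not consume quota.
            return 429, 1
        self.second[client_id] = (sec, sec_count + 1)
        self.day[client_id] = (day, day_count + 1)
        return 200, 0


def replay(limiter, events):
    """Run (client_id, timestamp) events through the limiter; return status codes."""
    return [limiter.check(client, ts)[0] for client, ts in events]


# Constructed traffic: client "a" sends 12 requests within one second and one more
# in the next second; client "b" sends a single request during the burst.
SAMPLE = [("a", 1000.0 + i * 0.01) for i in range(12)] + [("b", 1000.05), ("a", 1001.0)]

if __name__ == "__main__":
    print(replay(ClientLimiter(), SAMPLE))
```

A fixed window admits up to twice the limit across a window boundary (a burst at the end of one second followed by another at the start of the next), so a sliding window or token bucket is the tighter choice where that matters.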

Keywords: DoS Prevention, DDoS Mitigation, API Rate Limiting, TPS Control, Bot Detection, API Security
