Hmm - seems I never committed this code. I’ll do that now…
EDIT - here it is
https://github.com/phenomlab/category-list/tree/main
Hello Mark,
Hope you’re doing well! Got a quick security question for you. I have a website that runs on Apache with Cloudways hosting, and we’re using APIs in PHP files. Recently, I noticed some random users accessing the APIs with URLs like domain.com/file.php?data=xxxx?
, which seems like an attempt to misuse the server.
Could you suggest a way to protect my server so only authorized requests can access these APIs?
Thanks a lot!
@Hari Much of this response depends on whether these API’s are internal or external, and who manages/supports them. If they are your own API’s, then you should ideally send a predefined key in the header to ensure that the request is authentic.
This is the standard way of doing it, but I’ll need a bit more detail to comment further.
@phenomlab issue was with high traffic spikes and the website used to get crashed. API is managed by others, its built in such a way they built it in such un protected way. we would be moving to nodejs own APIs soon to address all these issues. thought of solving it with help of you and a friend of mine is helping me build a new site with APIs. thanks