Protecting API Access on Apache/Cloudways
Solved
Security
-
Hello Mark,
Hope you’re doing well! Got a quick security question for you. I have a website that runs on Apache with Cloudways hosting, and we’re using APIs in PHP files. Recently, I noticed some random users accessing the APIs with URLs like
domain.com/file.php?data=xxxx?, which seems like an attempt to misuse the server.Could you suggest a way to protect my server so only authorized requests can access these APIs?
Thanks a lot!
-
Hello Mark,
Hope you’re doing well! Got a quick security question for you. I have a website that runs on Apache with Cloudways hosting, and we’re using APIs in PHP files. Recently, I noticed some random users accessing the APIs with URLs like
domain.com/file.php?data=xxxx?, which seems like an attempt to misuse the server.Could you suggest a way to protect my server so only authorized requests can access these APIs?
Thanks a lot!
@Hari Much of this response depends on whether these API’s are internal or external, and who manages/supports them. If they are your own API’s, then you should ideally send a predefined key in the header to ensure that the request is authentic.
This is the standard way of doing it, but I’ll need a bit more detail to comment further.
-
@Hari Much of this response depends on whether these API’s are internal or external, and who manages/supports them. If they are your own API’s, then you should ideally send a predefined key in the header to ensure that the request is authentic.
This is the standard way of doing it, but I’ll need a bit more detail to comment further.
@phenomlab issue was with high traffic spikes and the website used to get crashed. API is managed by others, its built in such a way they built it in such un protected way. we would be moving to nodejs own APIs soon to address all these issues. thought of solving it with help of you and a friend of mine is helping me build a new site with APIs. thanks
-
undefined Hari has marked this topic as solved on 28 Nov 2024, 19:59
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (ether email, or push notification). You'll also be able to save bookmarks, use reactions, and upvote to show your appreciation to other community members.
With your input, this post could be even better 💗
RegisterLog in
