Implement Automated Rate Limiting and DDoS Protection
Priority: High
Estimated Time: 2 hours
Description
The API has no protection against DoS attacks. An attacker could spam requests and exhaust resources.
Tasks
- Implement token-bucket rate limiter (per-IP: 100 req/min, per-API-key: 1000 req/min)
- Add WAF rules to detect and block patterns: rapid repeated requests, request size anomalies
- Return 429 Too Many Requests on limit exceeded
- Add rate limit status headers to responses
- Add tests for rate limiting and bypass prevention
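A token-bucket limiter covering the first, third and fourth tasks (100 req/min per IP, 1000 req/min per API key, 429 on exhaustion, rate-limit status headers); this is an added example, not the project's code, and the `X-RateLimit-*` header names, the `LIMITS` table and the injectable clock are assumptions.

```python
import math
import time

# Limits from the issue: scope -> (capacity, window seconds). Capacity doubles as burst size.
LIMITS = {"ip": (100, 60.0), "api_key": (1000, 60.0)}


class TokenBucket:
    """Holds up to `capacity` tokens, refilled continuously at capacity/window tokens per second."""
    def __init__(self, capacity, window, now):
        self.capacity, self.rate = capacity, capacity / window
        self.tokens, self.last = float(capacity), now

    def refill(self, now):
        # Add tokens proportional to elapsed time, never exceeding capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def retry_after(self):
        # Whole seconds until one token is available (0 if one is available now).
        return 0 if self.tokens >= 1 else math.ceil((1 - self.tokens) / self.rate)


class RateLimiter:
    """Per-IP and per-API-key limiting: a request must pass every applicable bucket."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock  # injectable so tests can advance time deterministically
        self.buckets = {}

    def check(self, client_ip, api_key=None):
        """Return (status, headers): 200 if allowed, 429 if any bucket is empty.
        client_ip must come from the trusted edge (socket peer or trusted proxy), not a client header."""
        now = self.clock()
        scopes = [("ip", client_ip)] + ([("api_key", api_key)] if api_key else [])
        buckets = []
        for kind, ident in scopes:
            cap, window = LIMITS[kind]
            b = self.buckets.setdefault((kind, ident), TokenBucket(cap, window, now))
            b.refill(now)
            buckets.append(b)
        # Consume only if every scope allows, so a rejected request does not drain the other scope.
        allowed = all(b.tokens >= 1 for b in buckets)
        if allowed:
            for b in buckets:
                b.tokens -= 1
        tight = min(buckets, key=lambda b: b.tokens / b.capacity)  # most exhausted scope
        headers = {"X-RateLimit-Limit": str(tight.capacity),
                   "X-RateLimit-Remaining": str(int(tight.tokens))}
        if not allowed:
            headers["Retry-After"] = str(tight.retry_after())
        return (200 if allowed else 429), headers
```

The buckets live in process memory here; behind a load balancer the same structure needs a shared store so that per-IP counts cannot be spread across instances.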
Auto-created from UNSOLVED_ISSUES_40.md