WhoamI•10mo ago

Security: DDOS attack prevention for open endpoints tRPC

So we are building an application and got multiple trpc endpoints associated with it, some of them are private and a few public ones (like login etc). While we can rate limit on the number of requests to prevent DDOS and similar attacks, the batch calls still stays vulnerable, what are the general methods to prevent these, and are there some precautions to take to limit the number of calls or access to these open endpoints

1 Reply

Nick•10mo ago

That generally goes in front of your api, Cloudflare for instance is very popular for DDOS protection, but I believe even API Gateway has some features

Move Fast & Break Nothing. End-to-end typesafe APIs made easy.

4.9KMembers

View on Discord

More Posts

Is there any information about caching in `@trpc/react-query`?How does query caching work? I want to create library for Angular and I would like to understand Rea cache craziness?can someone sanity check something for me? i'm using sst + trpc + drizzleorm + aws + rds + postgre tRPC over WebSocket with Next.js and NextAuthHi. I'm trying to set up Next 13 with tRPC over a WebSocket and NextAuth. I got it mostly working wi Server Side Calls in tRPC not working (Next 13, App Router)Where do I make the helper?Project structure ?I greatly appreciate for your insight on this, especially if you're an experienced fullstack dev: B Access procedures with same names and same parameters, but in different routers, genericallyMy trpc structure looks something like this: ``` trpc - router1 - routerX - proc1 - r