
Magento 2: NO RATE LIMIT IMPLEMENTED

During a penetration test scan it was found that the website does not implement any rate limiting on the Contact Us page; an attacker can submit multiple forms and spam the database with false queries.

It was also observed during the web application audit that no rate limit is implemented on the number of addresses that can be added to a user account; an attacker can submit multiple requests and add many addresses to their account. The attacker can also increase the impact by submitting these requests from multiple accounts, which might lead to an application-level denial of service.

Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe. Rate limiting can help stop certain kinds of malicious bot activity. It can also reduce strain on web servers. However, rate limiting is not a complete solution for managing bot activity. This could lead to DoS/brute-force attacks.

Please suggest how it can be implemented.
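Added example (not Magento code and not from the post above): a sliding-window rate limiter applied to the two endpoints the finding names, the anonymous contact form (keyed on client IP) and the customer address book (keyed on both the account and the IP, so spreading the requests across several accounts from one client still hits a ceiling). The endpoint names, the limits, the IP addresses and the replayed request log are all constructed; in a real deployment the `check()` call would sit in a plugin or observer in front of the controller action, or the equivalent limits would be configured in the reverse proxy.

```python
"""Sliding-window rate limiting for abuse-prone form endpoints.

Added example, not code from Magento or from the page. Endpoint names,
limits, IPs and the request log below are constructed for illustration.
"""
from collections import deque
import time


class SlidingWindowLimiter:
    """Allow at most `limit` events per `key` within any `window` seconds."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._events = {}  # key -> deque of event timestamps, oldest first

    def _prune(self, key, now):
        """Drop timestamps that have fallen out of the window for `key`."""
        q = self._events.setdefault(key, deque())
        cutoff = now - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def allow(self, key, now=None):
        """Record the event and return True, or return False if over the limit."""
        now = self.clock() if now is None else now
        q = self._prune(key, now)
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def retry_after(self, key, now=None):
        """Seconds until `key` is allowed again (0.0 if it is allowed now);
        suitable for an HTTP 429 Retry-After header."""
        now = self.clock() if now is None else now
        q = self._prune(key, now)
        if len(q) < self.limit:
            return 0.0
        return max(0.0, q[0] + self.window - now)


class FormRateLimiter:
    """Policy for the two endpoints from the finding (limits are constructed)."""

    def __init__(self, clock=time.monotonic):
        # Contact form is anonymous, so the only stable key is the client IP.
        self.contact_per_ip = SlidingWindowLimiter(3, 60, clock)
        # Address book: per-account cap plus a per-IP cap so that creating
        # many accounts from one client does not bypass the limit.
        self.address_per_account = SlidingWindowLimiter(5, 3600, clock)
        self.address_per_ip = SlidingWindowLimiter(10, 3600, clock)

    def check(self, endpoint, ip, account=None, now=None):
        """Return (allowed, reason). The IP check runs first, so a request
        rejected by the account limit has still consumed IP budget."""
        if endpoint == "contact":
            ok = self.contact_per_ip.allow(ip, now)
            return (ok, "ok" if ok else "ip")
        if endpoint == "address":
            if not self.address_per_ip.allow(ip, now):
                return False, "ip"
            if not self.address_per_account.allow(account, now):
                return False, "account"
            return True, "ok"
        raise ValueError(f"unknown endpoint {endpoint!r}")


# Constructed request log: (seconds, endpoint, client_ip, account_id).
REQUEST_LOG = (
    [(t, "contact", "203.0.113.5", None) for t in range(5)]        # burst of 5
    + [(61, "contact", "203.0.113.5", None)]                        # after the window
    + [(10 + i, "address", "198.51.100.7", "cust-1") for i in range(7)]
    + [(20 + i, "address", "198.51.100.7", "cust-2") for i in range(3)]
    + [(23 + i, "address", "198.51.100.7", "cust-3") for i in range(3)]
)


def simulate(log=REQUEST_LOG):
    """Replay the log in time order; return per-endpoint allowed/blocked counts."""
    limiter = FormRateLimiter()
    stats = {"contact": {"allowed": 0, "blocked": 0},
             "address": {"allowed": 0, "blocked": 0}}
    for now, endpoint, ip, account in sorted(log, key=lambda r: r[0]):
        allowed, _reason = limiter.check(endpoint, ip, account, now=now)
        stats[endpoint]["allowed" if allowed else "blocked"] += 1
    return stats


if __name__ == "__main__":
    print(simulate())
```

In the replayed log the contact burst of five is cut to three, the sixth post is accepted once the oldest entries have aged out of the 60-second window, the first account is stopped at five addresses, and the third account from the same IP is blocked outright by the per-IP cap. Blocked requests should be answered with HTTP 429 and the `retry_after()` value, and the counts kept in shared storage (Magento's cache or Redis rather than process memory) so that every web node enforces the same window.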