Need to restrict the API per user one active instance

Hi,

I have developed an API using the Web Dev module of Ignition. I want to restrict it to one active instance of the API per user; this is to prevent a Denial-of-Service (DoS) attack.

Any guidance on this part?

Thank you in advance,
Sharon

This is an interesting case. We manage it, on our side, with an API gateway (we have a different piece of software that manages API access) that we were already using for other systems, where each application has its own key and a firewall prevents direct access.

What is your use case? Calls only from Ignition itself, Perspective, Vision, or other systems?
Are you already using authentication? Per user, or per application?

Why do you need DoS mitigation? Are you exposing this module on a public-facing URL, or something else?

You will want to use the Servlet API to manage an HttpSession for you. You would start/access it from the raw request’s getSession() method during your user’s authentication. This will cause a cookie to be sent to the user along with your response, and they will need to include it with later requests.

You would add a key, GUID pair to the session to carry your singleton status. The singleton status would be tied to a persistent object in a script module. A dictionary of user names versus GUIDs would suffice, I think. Maybe with some expiration. The dictionary probably doesn’t need persistence beyond the script module lifetime.

On later requests, use getSession(False) and extract the GUID. If it doesn’t match the one in the persistent dictionary, reject the call.

1 Like
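The singleton-session scheme described in the reply above, written out as an added example (this is not code from the original post, nor Ignition's own code). The module-level dictionary of user names versus GUIDs with an expiry is plain Python and runs on its own; `login_handler` and `protected_handler` show the assumed wiring into a WebDev endpoint through the servlet API (`request['servletRequest'].getSession()` / `getSession(False)` and `setAttribute` / `getAttribute`), and the user name passed to `login_handler` is assumed to come from whatever authentication the endpoint already performs:

```python
import hmac
import threading
import time
import uuid

# Module-level registry: user name -> (active session GUID, expiry timestamp).
# It lives only for the lifetime of the script module, as the reply suggests.
_ACTIVE = {}
_LOCK = threading.Lock()

SESSION_TTL_SECONDS = 15 * 60           # assumed idle timeout for an active instance
SESSION_KEY = "api-singleton-guid"      # name of the attribute stored in the HttpSession
USER_KEY = "api-user"


def start_session(user, now=None):
    """Issue a fresh GUID for `user`, displacing any earlier active instance."""
    now = time.time() if now is None else now
    guid = str(uuid.uuid4())
    with _LOCK:
        _ACTIVE[user] = (guid, now + SESSION_TTL_SECONDS)
    return guid


def check_session(user, guid, now=None):
    """Return True only if `guid` is the user's current GUID and it has not expired.

    A successful check slides the expiry forward so an active caller stays active;
    an expired entry is dropped so the user can start again.
    """
    now = time.time() if now is None else now
    with _LOCK:
        entry = _ACTIVE.get(user)
        if entry is None:
            return False
        active_guid, expires_at = entry
        if now >= expires_at:
            del _ACTIVE[user]
            return False
        # Constant-time comparison so the check does not leak GUID bytes via timing.
        if not hmac.compare_digest(str(active_guid), str(guid)):
            return False
        _ACTIVE[user] = (active_guid, now + SESSION_TTL_SECONDS)
        return True


def end_session(user, guid):
    """Release the user's slot, but only if the caller holds the active GUID."""
    with _LOCK:
        entry = _ACTIVE.get(user)
        if entry is not None and hmac.compare_digest(str(entry[0]), str(guid)):
            del _ACTIVE[user]
            return True
        return False


# --- Assumed WebDev wiring (not executed here; needs the Ignition gateway) ---

def login_handler(request, user):
    """Call after the endpoint has authenticated `user`: creates the HttpSession
    (which sends the session cookie to the client) and stores the singleton GUID."""
    session = request['servletRequest'].getSession()
    session.setAttribute(USER_KEY, user)
    session.setAttribute(SESSION_KEY, start_session(user))
    return {'json': {'ok': True}}


def protected_handler(request):
    """Guard for later requests: reject when there is no session, or when the
    GUID in the session is no longer the user's active one."""
    session = request['servletRequest'].getSession(False)
    user = session.getAttribute(USER_KEY) if session is not None else None
    guid = session.getAttribute(SESSION_KEY) if session is not None else None
    if user is None or guid is None or not check_session(user, guid):
        request['servletResponse'].setStatus(409)
        return {'json': {'error': 'another instance of the API is active for this user'}}
    return {'json': {'ok': True}}
```

A second login from the same user replaces the stored GUID, so the earlier client's cookie-bound session fails `check_session` on its next call and is turned away; the expiry keeps a client that simply disappeared from holding the slot forever.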

Thank you for your help!