IDEA: security loopback/controller

[orubel]

say you have people attempting to mine your apis by hitting them over and over and over and your system detects this and flags it...
what next?

You can kick them out but then you won't be able to block their next attack or they will just attempt from another bot in their network.

If you keep their script looping indefinitely in your system, it will THINK it is mining when you can just feed it a pre-built dataset.

If we have a template or even a prebuilt template to work off, we can

• divert this traffic
• log it separately
• analyze separately

In fact being able to loopback traffic detected as different would be very good for analysis

[orubel]

we could also assign a separate session variable and header to do additional detection of how it is routing; this could be good for detection with your proxy and ISP in tracking it down.

[orubel]

This functionality would require a blacklist.

also a random data generator to output random json

[orubel]

This could be done like the error controller; send to a custom error controller for logging. That way we can blacklist all endpoints with questionable traffic

[orubel]

We can integrate this functionality by using 'mock data' as the feedback and integrate mock data into IO State rules