Best practices for preventing Denial of Service Attack in Django


You might want to read the following 3 questions over on Security Stack Exchange.

A quick description of the problem:

Possible solutions and limitations of attempting mitigation in software:

And a bit of discussion around commonly used anti-DDoS techniques at the perimeter, rather than the application:

It is really difficult to do at the application level – the earlier in the path you can drop the attack, the better.


I’d probably aim to deal with DoS at a higher level in the stack. If you’re using Apache, take a look at mod_security. Or maybe a nice set of firewall rules.

Edit: Depending on your situation, you also might want to take a look at a caching server like Varnish. It’s a lot harder to DoS you, if the vast majority of hits are served by the lightning quick Varnish before they even reach your regular web server.



The solution is simple: limit the API with throttling and auth.

The default throttling policy may be set globally, using the DEFAULT_THROTTLE_CLASSES and DEFAULT_THROTTLE_RATES settings.

The quote is from
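
An added example, not code from the answer above or from Django REST framework: the `REST_FRAMEWORK` dict shows where the two settings named in the quote go, and a simplified sliding-window throttle shows how a rate string such as `3/min` is enforced per client. `SlidingWindowThrottle`, `parse_rate`, the in-memory history and the sample rates are assumptions made for illustration.

```python
import time

# Settings of the shape Django REST framework reads from settings.py.
# The class paths are DRF's built-in throttles; the rates are constructed sample values.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {"anon": "3/min", "user": "1000/day"},
}

PERIODS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Turn '3/min' into (3, 60): allowed requests and window length in seconds."""
    count, period = rate.split("/")
    return int(count), PERIODS[period[0]]


class SlidingWindowThrottle:
    """Simplified stand-in (hypothetical class) for a per-client rate throttle."""

    def __init__(self, scope, rates=None, clock=time.time):
        rates = rates or REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"]
        self.limit, self.window = parse_rate(rates[scope])
        self.clock = clock
        self.history = {}  # client key -> timestamps of accepted requests

    def allow(self, client_key):
        now = self.clock()
        # Keep only requests still inside the window.
        hits = [t for t in self.history.get(client_key, []) if t > now - self.window]
        allowed = len(hits) < self.limit
        if allowed:
            hits.append(now)  # rejected requests are not counted against the client
        self.history[client_key] = hits
        return allowed

    def retry_after(self, client_key):
        """Seconds until the oldest counted request leaves the window."""
        hits = self.history.get(client_key, [])
        if len(hits) < self.limit:
            return 0
        return max(0, hits[0] + self.window - self.clock())
```

Django REST framework keeps this request history in Django's cache backend rather than in a process-local dict, so with several worker processes the cache has to be shared for the limit to hold.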
