Limiting the number of attacks on a single API

[Joseph]

I can't really dive into details but essentially there is an API in our website that can be costly when attacked multiple times. We want to somehow limit the number of attacks on this single api and I think scripts can do this I just don't know how. Is there anyone that can help me on this?

[Simon Bennetts]

If you were talking about proxied requests then you could just use a proxy script like https://github.com/zaproxy/community-scripts/blob/main/proxy/Drop%20requests%20not%20in%20scope.js

For requests coming from ZAP you would have to use an httpsender script .. but those dont allow you to completely block the request.

Instead you could use an httpsender script to change the URL to point somewhere else, e.g. a URL that doesnt exist.

Cheers,

Simon

[Joseph]

Follow up question. Is it possible to have my API scanned only for SQLi and any other attack would change the URL with httpsender scripts?

[Simon Bennetts]

Of course. Just create a new Scan Policy with only the relevant rules enabled: https://www.zaproxy.org/docs/desktop/start/features/scanpolicy/

Cheers,

Simon