We're excited to announce that Wallarm node 4.6 is now available!

The most important thing about this new release is the API Rate Limiting feature. The lack of proper rate limiting has been a significant problem for API security, as attackers can launch high-volume requests that can cause a denial of service (DoS) or overload the system, which hurts legitimate users. Overall, the lack of API Rate Limiting feature can result in a poor user experience, frustration, and potential security risks for both the user and the API infrastructure.

The usual way of limiting the number of requests made to an API is by blocking the IP address. However, this method can sometimes wrongly identify legitimate users as malicious and prevent them from accessing the service. Consider a SaaS application that provides an API to its customers. Each customer has their unique API key to access the service. To ensure that API consumption is fair and prevent misuse, you decide to implement rate limiting. Traditional rate limiting that relies on IP addresses would not work well in this case because multiple customers may be sharing the same IP address. For example, this can happen when customers are behind a corporate firewall or using a VPN.

With our API Rate Limiting, security teams can effectively manage the service's load and prevent false alarms, ensuring the service is always available and secure for real users. This powerful feature gives security teams more control over protection against bad bots and other bad actors. 

Security teams can now set specific parameters and session settings to apply rate limit rules based on any request parameter, including JSON fields, base64 encoded data, cookies, XML fields, and more. 

You can also adjust settings like the rate, burst, delay, and response code to fine-tune the rate limit settings and apply session settings to specific requests. Configuration is done within the Wallarm Console.

It's important to note that with version 4.6, you can only register Wallarm nodes in the Wallarm Cloud using a token. Registering with user credentials is no longer supported. If you used any user credentials to deploy the Wallarm node, you need to generate a token that will be used to register the nodes in the Wallarm Cloud. Instructions for generating a token are provided in the documentation. 

A more detailed changelog and instructions on upgrade are published in the official documentation.

If you have any questions, feel free to contact our support team at support@wallarm.com