New Protection Mechanisms For OWASP API4:2023 – Unrestricted Resource Consumption
To strengthen defenses against resource exhaustion and abuse, Wallarm has released two new mitigation controls specifically addressing "OWASP API4:2023 – Unrestricted Resource Consumption" threats.
📁 File Upload Restriction Policy
This real-time node-side mitigation allows you to block oversized or maliciously crafted requests before they reach your app.
Two configuration options provide flexibility:
- Maximum Total Request Size – limit the full request, including headers, body, and parameters
- Maximum Size per Parameter – restrict specific fields such as JSON parameters, multipart parameters, headers, etc.
This control is effective across all content types (e.g., POST-multipart, PUT, JSON with base64) and helps prevent denial-of-service, memory exhaustion, and CVE exploitation through size abuse.
Included in API Security and WAAP subscriptions with Node ≥ 6.3.0
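As an added illustration (not Wallarm's node code or configuration), the two checks the policy describes, a total-request cap and a per-parameter cap over headers, JSON fields and multipart parts, written as a Python function and run over constructed sample requests. The thresholds, sample values and boundary string are assumptions for the example.

```python
import json
from email.parser import BytesParser
from email.policy import default as email_policy
# Constructed thresholds for the illustration; tune them per application.
MAX_TOTAL_BYTES = 4096   # whole request: header lines + body
MAX_PARAM_BYTES = 1024   # any single header, JSON field or multipart part

def total_size(headers: dict, body: bytes) -> int:
    """Approximate wire size: 'Name: value\\r\\n' per header plus the body."""
    return sum(len(k) + len(v) + 4 for k, v in headers.items()) + len(body)

def iter_params(headers: dict, body: bytes):
    """Yield (label, size_in_bytes) for each header, JSON field or part."""
    for name, value in headers.items():
        yield f"header:{name}", len(value.encode())
    ctype = headers.get("Content-Type", "")
    if ctype.startswith("application/json"):
        fields = json.loads(body)
        fields = fields if isinstance(fields, dict) else {"body": fields}
        for name, value in fields.items():
            # A base64 blob in JSON is just a long string; its encoded length
            # is what the server has to buffer, so that is what is measured.
            yield f"json:{name}", len(json.dumps(value).encode())
    elif ctype.startswith("multipart/form-data"):
        msg = BytesParser(policy=email_policy).parsebytes(
            b"Content-Type: " + ctype.encode() + b"\r\n\r\n" + body)
        for part in msg.iter_parts():
            name = part.get_param("name", header="content-disposition")
            yield f"multipart:{name}", len(part.get_payload(decode=True))

def check_request(headers: dict, body: bytes) -> tuple:
    """Return (allowed, reason); total cap first, so oversized bodies are never parsed."""
    size = total_size(headers, body)
    if size > MAX_TOTAL_BYTES:
        return False, f"total request size {size} > {MAX_TOTAL_BYTES}"
    for label, n in iter_params(headers, body):
        if n > MAX_PARAM_BYTES:
            return False, f"parameter {label} size {n} > {MAX_PARAM_BYTES}"
    return True, "ok"

# Constructed sample requests (hypothetical values, not captured traffic)
JSON_CT = {"Content-Type": "application/json"}
SMALL_JSON = (JSON_CT, b'{"user": "alice"}')
BIG_FIELD_JSON = (JSON_CT, json.dumps({"avatar": "A" * 2000}).encode())
HUGE_JSON = (JSON_CT, json.dumps({"blob": "C" * 5000}).encode())
BOUNDARY = "XYZ"
MULTIPART = ({"Content-Type": f"multipart/form-data; boundary={BOUNDARY}"},
             (f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="file"; '
              f'filename="x.bin"\r\n\r\n' + "B" * 1500 +
              f"\r\n--{BOUNDARY}--\r\n").encode())
```

Checking the total cap before parsing matters: a body over the limit is dropped without ever being deserialised, which is the point of a node-side control.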
🌐 Unrestricted Resource Consumption Detection
Part of the API Abuse detection module, this cloud-based control detects excessive and abnormal resource usage that may degrade system performance, even in the absence of traditional attack signatures.
Common attack scenarios include:
- Sending large requests to overload memory or bandwidth
- Triggering heavy operations (e.g., complex database queries) to slow down the server
- Downloading massive responses to consume outbound traffic (scraping) or exfiltrate data
Included in Advanced API Security (API Abuse module) with Node ≥ 6.3.0
🔍 Feature Comparison
| | File Upload Restriction Policy | Unrestricted Resource Consumption Detection |
|---|---|---|
| Enforcement | Real-time (Node) | Reactive (Cloud) |
| Configuration | Manual thresholds | Adaptive, traffic-based |
| Detection Scope | Request size (total/parameter) | Request size, response size, processing time |
✅ Full-Spectrum Protection for API4:2023
These two new controls, alongside Wallarm’s existing threat mitigation and behavioral detection capabilities, form a robust and layered defense against all known vectors of OWASP API4 Unrestricted Resource Consumption.