Strengthening API Endpoints with Regex Endpoint Matching, & Enhancing Attack Detection

Justice NDOU
4 min readApr 8, 2023

Introduction:

In today’s world, APIs have become an integral part of modern software development. They allow different systems to communicate and interact with each other seamlessly. However, with the increased use of APIs, the risk of security breaches has also increased.

EOD API Firewall Class

Attackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or execute malicious code.

To prevent such attacks, developers need to fortify their API endpoints. One way to achieve this is by using Regex endpoint matching.
Regex patterns can be used to validate and filter incoming requests, which helps to improve attack detection and prevent malicious traffic from reaching the API Endpoints.

In this article, we will introduce you to the EODAPIFirewall class, a Python module that leverages Regex endpoint matching to enhance API endpoint security. this class is part of EOD Stock API Gateway Server.

We will explore its features, such as IP Filtering and Bad Address Blocking, and how it interacts with the CloudFlare API to provide an additional layer of security to your API endpoints.

So, let’s dive in and learn how to protect your API endpoints from attacks!

class EODAPIFirewall:
"""
Attributes:
-----------
_max_payload_size: int
The maximum payload size allowed by CloudFlare API.
cloud_flare: CloudFlare
An instance of CloudFlare class to interact with CloudFlare API.
ip_ranges: list
A list of IP ranges added to CloudFlare Firewall.
bad_addresses: set
A set of IP addresses marked as bad.
compiled_pat:
A compiled regex pattern to match IP addresses.
"""

def __init__(self):
self._max_payload_size: int = 8 * 64
try:
self.cloud_flare = CloudFlare(email=EMAIL, token=TOKEN)
except CloudFlareAPIError:
pass
self.ip_ranges = []
self.bad_addresses = set()
self.compiled_patterns = [re.compile(_regex) for _regex in route_regexes.values()]
self.compiled_bad_patterns = [re.compile(pattern) for pattern in malicious_patterns.values()]
self._logger = init_logger(camel_to_snake(self.__class__.__name__))

@staticmethod
async def get_client_ip(headers, request):
"""will return the actual client ip address of the client making the request"""
ip = headers.get('cf-connecting-ip') or headers.get('x-forwarded-for')
return ip.split(',')[0] if ip else request.remote_addr

@staticmethod
async def get_edge_server_ip(headers) -> str:
"""obtains cloudflare edge server the request is being routed through"""
return headers.get("Host") if headers.get("Host") in ["localhost", "127.0.0.1"] else headers.get("x-real-ip")

The API Gateway’s EODAPIFirewall class is a Python module that allows you to fortify your API endpoints by implementing Regex endpoint matching. It is designed to work with the CloudFlare API, a popular service that provides DDoS protection, CDN, and other security features.

The class has several attributes, including _max_payload_size, cloud_flare, ip_ranges, bad_addresses, and compiled_patterns. The _max_payload_size attribute sets the maximum payload size allowed by the CloudFlare API. The cloud_flare attribute holds an instance of the CloudFlare class, which is used to interact with the CloudFlare API. The ip_ranges attribute is a list of IP ranges that have been added to the CloudFlare Firewall. The bad_addresses attribute is a set of IP addresses that have been marked as bad and blocked by the firewall. Finally, the compiled_patterns attribute is a list of compiled regex patterns that are used to match incoming requests to the API endpoint.

The __init__ method initializes the class attributes, including the compiled_patterns attribute, which is generated using the route_regexes dictionary. This dictionary maps API routes to regex patterns, allowing our API Gateway’s EODAPIFirewall class to match incoming requests to the appropriate endpoint.

The class also includes several methods, such as filter_ip, which filters incoming requests based on their IP address. The filter_ip method matches the IP address of an incoming request to the IP ranges stored in the ip_ranges attribute. If the IP address is within one of the specified ranges, the request is allowed to proceed. Otherwise, the request is blocked.

Another useful method is block_bad_addresses, which blocks requests from IP addresses that have been marked as bad. The block_bad_addresses method matches the IP address of an incoming request to the bad_addresses attribute. If the IP address is in the set of bad addresses, the request is blocked.

Overall, the EODAPIFirewall class is a powerful tool for improving the security of your API endpoints. By leveraging Regex endpoint matching, IP filtering, and bad address blocking, you can prevent malicious traffic from reaching your API endpoints and protect your sensitive data.

Conclusion

In conclusion, API endpoint security is a critical concern for any software development project. With the increasing number of security breaches and attacks on APIs, it has become more important than ever to fortify your API endpoints against potential threats.

Open Source Contributions

Our API Gateway is an open-source project that welcomes contributions from developers worldwide. By contributing to the project, developers can help improve API endpoint security globally, gain recognition, and develop their skills.
Our API Gateway’s EODAPIFirewall is a valuable tool for enhancing API endpoint security, integrating seamlessly with the CloudFlare API, and offering features such as IP filtering and bad address blocking.

Related Resources

EOD Stock API
API Gateway Project on Github
Live Project — API Gateway

--

--