FAIL_2_SPAM

Available Configurations

Fail2Spam can be configured in several ways depending upon your available infrastructure and your desired application.

CLIENT --> CDN --> REVERSE PROXY --> SITE/APP

This configuration option validates client requests and serves up POW puzzles at the CDN edge, while state on rate-limiting operations is held at the reverse proxy before passing requests on to the site or API. This is the configuration that our DEMO page currently uses.

CLIENT --> REVERSE PROXY --> SITE/APP

This configuration option validates client requests, serves up POW puzzles and holds state on rate-limiting operations at the reverse-proxy before passing on requests on to the site or API. This configuration requires a reverse proxy that is capable of perfoming cryptographic operations, such as Open-Resty.

CLIENT --> CDN --> SITE/APP

This configuration option validates client requests and serves up POW puzzles before passing on requests on to the site or API. This configuration does not hold state and serves up POW to any unauthenticated clients. While it is the simplest and lightest to initially configure it requires activation and modification by your backend service. An Edge Compute API key for your CDN is recommended so that the backend application can modify or activate FAIL_2_SPAM automatically.