Goal:
Check if the server enforces rate limiting to block too many rapid requests.
Steps:
In this exercise, we are using Drishya's domain as an example. Please remember to work with your respective domains while recreating the steps.
Open your Kali Linux terminal.
Run this command:
for i in {1..20}; do curl https://www.drishya.fun/api/arcjet; done
What to Watch For:
Are some requests blocked or slowed down?
Does the server return HTTP 429 (Too Many Requests)?
Is there any delay or protection after repeated calls?
Did Vercel Firewall identify this attack?
Did Arcjet identify the rate limit?
If yes: rate limiting is active.
If no: the API may be vulnerable to denial-of-service (DoS) or abuse.
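The loop in the steps prints response bodies, so a 429 is easy to miss among them. The script below is an added example, not part of the original exercise: it records the status code and response time of each request and reports where the first HTTP 429 appears. The URL https://your-domain.example/api/arcjet is a placeholder for your own domain, and the function names probe, verdict and demo are chosen here.

```shell
#!/bin/sh
# Added example (not from the original exercise).

# probe URL [COUNT]: send COUNT requests (default 20, as in the exercise)
# and print one "<status> <seconds>" line per request.
# A failed connection shows up as status 000.
probe() {
  url=$1
  count=${2:-20}
  i=1
  while [ "$i" -le "$count" ]; do
    curl -s -o /dev/null -w '%{http_code} %{time_total}\n' "$url"
    i=$((i + 1))
  done
}

# verdict: read "<status> <seconds>" lines on stdin, tally the status codes,
# note the slowest response, and report the first request answered with 429.
verdict() {
  awk '
    { n++; seen[$1]++; if ($2 + 0 > slow + 0) slow = $2 + 0 }
    $1 == 429 && !first { first = n }
    END {
      for (c in seen) printf "status %s: %d\n", c, seen[c]
      printf "slowest response: %.3fs\n", slow
      if (first) printf "RATE_LIMITED first 429 at request %d of %d\n", first, n
      else       printf "NOT_LIMITED no 429 in %d requests\n", n
    }'
}

# demo: run verdict over constructed sample lines (not real measurements),
# so the script can be tried offline.
demo() {
  printf '%s\n' '200 0.112' '200 0.098' '200 0.105' '429 0.031' '429 0.029' | verdict
}

demo

# Live run against your own domain (placeholder URL):
#   probe "https://your-domain.example/api/arcjet" 20 | verdict
```

A NOT_LIMITED result with only 200 responses corresponds to the "If no" case above; statuses other than 200 and 429 in the tally are worth comparing against the Vercel Firewall and Arcjet dashboards.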