Curious about how you've deployed Python/Django and if you have any recommendations given what you've just been through?
Nothing we have is comparable to anything anyone else will have.
We're still on Python 2.7, a very old Django, a small server (which yesterday I cloned to be a fleet of about 100 servers).
It's so old I cannot even deploy it 🤷 hence the cloning.
The problem here is probably the memory and limits of that small server: it expects to serve many small requests quickly, but some of the attack requests have 1Mb payloads, so it seemed to be resource exhaustion.
All the natural guidance kicks in: use limits liberally, so that you break everything down to the smallest possible thing, as then you can control things.
We effectively use Django statelessly... No database! It just calls the API server, and the state only really exists in the database. I'd recommend always running like this, even though this didn't help yesterday.
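One way to apply the "use limits liberally" advice to oversized request bodies, as an added example that is not the poster's code: a WSGI middleware that refuses large payloads before the Django app sees them. The names `BodyLimitMiddleware`, `CappedInput` and the 64 KiB cap are assumptions, and it is written for Python 3 rather than the 2.7 stack described above.

```python
MAX_BODY_BYTES = 64 * 1024  # assumed cap; set it per endpoint

class BodyTooLarge(Exception):
    """Raised when the app reads past the configured cap."""

class CappedInput(object):
    """Wraps wsgi.input; hands out at most `limit` bytes in total."""
    def __init__(self, stream, limit):
        self._stream = stream
        self._remaining = limit

    def _take(self, reader, size):
        # Ask for one byte more than allowed so an oversized body is detected
        if size is None or size < 0 or size > self._remaining:
            size = self._remaining + 1
        data = reader(size)
        self._remaining -= len(data)
        if self._remaining < 0:
            raise BodyTooLarge()
        return data

    def read(self, size=-1):
        return self._take(self._stream.read, size)

    def readline(self, size=-1):
        return self._take(self._stream.readline, size)

class BodyLimitMiddleware(object):
    def __init__(self, app, max_bytes=MAX_BODY_BYTES):
        self.app = app
        self.max_bytes = max_bytes

    def __call__(self, environ, start_response):
        try:
            declared = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return self._reject(start_response, "400 Bad Request")
        if declared < 0:
            return self._reject(start_response, "400 Bad Request")
        if declared > self.max_bytes:
            # Cheap path: refuse before reading a single body byte
            return self._reject(start_response, "413 Request Entity Too Large")
        # Declared length can be absent (chunked) or wrong, so cap real reads too
        environ["wsgi.input"] = CappedInput(environ["wsgi.input"], self.max_bytes)
        try:
            return self.app(environ, start_response)
        except BodyTooLarge:
            # Assumes the app reads the body before calling start_response
            return self._reject(start_response, "413 Request Entity Too Large")

    def _reject(self, start_response, status):
        body = status.encode("ascii")
        start_response(status, [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))])
        return [body]
```

The same cap is usually enforced earlier as well, at the reverse proxy or load balancer, so oversized bodies never reach the small server's memory.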