Web application firewall
When you're exposing HTTP endpoints to others, you are expecting callers to behave as intended. Each HTTP conversation is supposed to follow a scenario that you have programmed in the service.
In the real world, that's not always the case. If the caller has a bug or is just not calling your service correctly, the expected behavior should be to send back a 4xx response and explain to the client why the request was rejected. That's also the case for malicious requests sent by attackers. Any unintended behavior should be dismissed.
The Open Web Application Security Project (OWASP) (https://www.owasp.org) is an excellent resource to learn about ways to protect your web apps from bad behaviors. They even provide a set of rules for the ModSecurity (https://modsecurity.org/crs/) toolkit's Web Application Framework (WAF) that can be used to avoid a lot of attacks.
In microservices-based applications, anything that's published to the web can be attacked, but, unlike monolithic...
