Why not use security control and webapi frequency control to protect Api

i dont think hackerspray is a good ideal for online product to prevent themeselves from dos