In the last hour, we suddenly started getting requests on our server to the following page: api/index.php/v1/config/application - how do we block requests like this to our website? This is clearly some sort of attempt at a hack and it wastes our server resources. We are on the business plan, but it’s not clear how to stop these kinds of requests.
The internet is full of nefarious people. There is nothing you can do about it.
Unless your site has resources available at this path (which I am doubting it does) there is nothing you need worry about. There is no information they can obtain, and no damage they can inflict. The bandwidth consumed by such requests is likely small—unless, possibly, there are thousands upon thousands on a continual basis.
If you do need to / want to block it, you could always choose to make an edge function to deny such requests and apply it just to that path. While this isn’t a codebase you can just use for this purpose, you could modify it minimally, to do what you want: