projects / Evergreen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 58e4514) | patch
LP#1361782: Add DoS protection
authorMike Rylander <mrylander@gmail.com>
Tue, 22 Nov 2022 21:38:03 +0000 (16:38 -0500)
committerGalen Charlton <gmc@equinoxOLI.org>
Thu, 23 Mar 2023 19:12:02 +0000 (15:12 -0400)
commit31eee80a8c2521d8efe2253e3985265d2b31562d
tree4242c81ad0e981c4fd82035171a88ea8363335c4tree
parent58e4514aef8f53af748180b60555167f59deb010commit | diff
LP#1361782: Add DoS protection

This commit adds two types of simple DoS protection:

 * Limit concurrent search requests per client IP address, regardless of
 the searches being performed.  This helps address issues of accidental
 spamming from a malfunctioning OPAC workstation, or crawlers of various
 types.  The limit is controlled by a global flag called
 "opac.max_concurrent_search.ip".

 * Limit the global concurrent search requests for the same query.  This
 helps address both simple and distributed DoS that send the same search
 request over and over.  The limit is controlled by a global flag called
 "opac.max_concurrent_search.query", and defaults to 20.

When the limit is exceeded in either case the client receives an HTTP
429 "Too many requests" response from the web server, and the connection
is ended.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Biblio.pm diff | blob | history
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Search.pm diff | blob | history
Open-ILS/src/sql/Pg/950.data.seed-values.sql diff | blob | history
Open-ILS/src/sql/Pg/upgrade/XXXX.data.concurrent_search_global_flags.sql [new file with mode: 0644] blob
Evergreen ILS