projects / Evergreen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e75f23) | patch
LP#1361782: Add DoS protection
authorMike Rylander <mrylander@gmail.com>
Tue, 22 Nov 2022 21:38:03 +0000 (16:38 -0500)
committerGalen Charlton <gmc@equinoxOLI.org>
Thu, 23 Mar 2023 19:12:47 +0000 (15:12 -0400)
commitffe2102f69c8792f735ac8b4ebb0179ef6ad7ff3
tree3a8ef1dfcd5d1f9b4b77e2653e6c2d8adcea9f3ftree
parent2e75f23d9d331881560bc37d221e1bdf1ddbac7fcommit | diff
LP#1361782: Add DoS protection

This commit adds two types of simple DoS protection:

 * Limit concurrent search requests per client IP address, regardless of
 the searches being performed.  This helps address issues of accidental
 spamming from a malfunctioning OPAC workstation, or crawlers of various
 types.  The limit is controlled by a global flag called
 "opac.max_concurrent_search.ip".

 * Limit the global concurrent search requests for the same query.  This
 helps address both simple and distributed DoS that send the same search
 request over and over.  The limit is controlled by a global flag called
 "opac.max_concurrent_search.query", and defaults to 20.

When the limit is exceeded in either case the client receives an HTTP
429 "Too many requests" response from the web server, and the connection
is ended.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Biblio.pm diff | blob | history
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Search.pm diff | blob | history
Open-ILS/src/sql/Pg/950.data.seed-values.sql diff | blob | history
Open-ILS/src/sql/Pg/upgrade/XXXX.data.concurrent_search_global_flags.sql [new file with mode: 0644] blob
Evergreen ILS