+++ /dev/null
-== DoS Protection ==
-
-Here we add two ways to protect against denial of service attacks:
- * Limit concurrent search requests per client IP address
- ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types. The limit is controlled by a global flag called *opac.max_concurrent_search.ip*. By default there is no limit set.
- * Limit the global concurrent search requests for the same query
- ** This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20.
-
-When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
-
+++ /dev/null
-== Protect qtype CGI parameter ==
-
-Malicious DoS attempts have been witnessed in the wild making use of
-the fact that Evergreen does not check the contents of the qtype CGI
-parameter. While these fail their intent, it would be better to
-simply drop such searches on the floor when they're seen.
-
-Evergreen will now confirm that the search class in the qtype parameter
-is valid, and that the remainder of the value is structured correctly,
-before processing the search request.
-
+++ /dev/null
-== User Id Added to Stripe Payment Information ==
-
-The user's database id is added to the "description" field to make it easier
-to associate transactions to users if there is a Stripe payment issue that
-requires followup.
-* `autogen.sh` can now accept a `-c` switch to specify the location of `opensrf_core.xml`. This is useful for certain multi-tenant setups of Evergreen. (LP#2003707)
-* Prevent templates from applying or changing magical status in angular holdings editor (LP#1999401)
-* Prevent directly editing the shelving location deleted field in the Shelving Locations Editor (LP#2002435)
\ No newline at end of file
projects / Evergreen.git / commitdiff