DoS protection release notes

author Mike Rylander <mrylander@gmail.com>

Tue, 21 Feb 2023 20:36:46 +0000 (15:36 -0500)

committer Galen Charlton <gmc@equinoxOLI.org>

Thu, 23 Mar 2023 19:08:15 +0000 (15:08 -0400)
author Mike Rylander <mrylander@gmail.com>
Tue, 21 Feb 2023 20:36:46 +0000 (15:36 -0500)
committer Galen Charlton <gmc@equinoxOLI.org>
Thu, 23 Mar 2023 19:08:15 +0000 (15:08 -0400)
diff --git a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc

new file mode 100644 (file)

index 0000000..929c36a
--- /dev/null
+++ b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc
@@ -0,0 +1,10 @@
+== DoS Protection ==
+
+Here we add two ways to protect against denial of service attacks:
+ * Limit concurrent search requests per client IP address
+  ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types.  The limit is controlled by a global flag called *opac.max_concurrent_search.ip*.  By default there is no limit set.
+ * Limit the global concurrent search requests for the same query
+  ** This helps address both simple and distributed DoS that send the same search request over and over.  The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20.
+
+When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
+
author	Mike Rylander <mrylander@gmail.com>
	Tue, 21 Feb 2023 20:36:46 +0000 (15:36 -0500)
committer	Galen Charlton <gmc@equinoxOLI.org>
	Thu, 23 Mar 2023 19:08:15 +0000 (15:08 -0400)