From: blake <blake@mobiusconsortium.org>
Date: Thu, 28 Jan 2021 15:42:30 +0000 (-0600)
Subject: LP1913610 Evergreen needs a way to mitigate DOS
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=08a7299b762ed366496a6a4fc1415c5dbe6265e2;p=working%2FOpenSRF.git

LP1913610 Evergreen needs a way to mitigate DOS

Offering an idea for limiting certain URL's

Signed-off-by: blake <blake@mobiusconsortium.org>
---

diff --git a/examples/nginx/osrf-ws-http-proxy b/examples/nginx/osrf-ws-http-proxy
index e539013..6722db0 100644
--- a/examples/nginx/osrf-ws-http-proxy
+++ b/examples/nginx/osrf-ws-http-proxy
@@ -10,6 +10,8 @@
 # error_log  syslog:server=unix:/dev/log,nohostname;
 # access_log syslog:server=unix:/dev/log,severity=info,nohostname combined;
 
+limit_req_zone $binary_remote_addr zone=unapilimit:10m rate=10r/s;
+
 server { 
     listen 80;
 
@@ -24,6 +26,17 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
     }
+
+    location /opac/extras/unapi {
+        limit_req zone=unapilimit;
+        proxy_pass https://localhost:7443;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
+
+    }
 }
 
 server {
@@ -83,6 +96,17 @@ server {
         proxy_send_timeout 3m;
         proxy_read_timeout 3m;
     }
+
+    location /opac/extras/unapi {
+        limit_req zone=unapilimit;
+        proxy_pass https://localhost:7443;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
+
+    }
 }