From: Mike Rylander Date: Tue, 21 Feb 2023 20:36:46 +0000 (-0500) Subject: DoS protection release notes X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=ac87e869cc1c0c6ab2c06f2eecfbfaaa45624258;p=evergreen%2Fpines.git DoS protection release notes Signed-off-by: Mike Rylander Signed-off-by: Galen Charlton --- diff --git a/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc new file mode 100644 index 0000000000..929c36a3aa --- /dev/null +++ b/docs/RELEASE_NOTES_NEXT/Architecture/DoS-protection.adoc @@ -0,0 +1,10 @@ +== DoS Protection == + +Here we add two ways to protect against denial of service attacks: + * Limit concurrent search requests per client IP address + ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types. The limit is controlled by a global flag called *opac.max_concurrent_search.ip*. By default there is no limit set. + * Limit the global concurrent search requests for the same query + ** This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20. + +When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended. +
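Review bot: In the per-IP bullet, "By default there is no limit set" does not say which value of *opac.max_concurrent_search.ip* means "no limit", and the per-query bullet gives a default of 20 without saying how to raise or disable it; please state the value that turns each limit off. The per-IP bullet should also note that all clients sharing one address (for example a branch behind a single NAT or proxy) count as one client, so sites can size the limit accordingly, and the per-query bullet should say what counts as "the same query". In the last paragraph, the notes could say whether the 429 response tells the client when to retry. Minor: the standard reason phrase for 429 is "Too Many Requests".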