[Koha-bugs] [Bug 31242] Add rate-limiting to the REST API

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Jul 27 08:02:43 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31242

--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
On Bug 25870, Tomas suggested Apache for rate-limiting, while Kyle suggested
Plack middleware to keep the rate-limiting in the Koha app.

I'll throw some API Gateway options into the mix:
https://konghq.com/
https://www.krakend.io/

(I use Kong for managing complex security requirements around APIs on other
projects. I've been wanting to try out KrakenD for a while as it apparently is
faster and lighter weight overall.)

--

Overall, I'd say that Apache - in its role as reverse proxy to Starman - is the
place to do rate limiting. It's almost certainly going to be more efficient
than Starman, and there's no point letting in traffic to Starman if we're just
going to block it.

That said, a quick Google doesn't really show any good Apache options. I think
mod_security might be one way which is available but it has a questionable past
and future I think.
