[Koha-bugs] [Bug 31242] Add rate-limiting to the REST API

bugzilla-daemon at bugs.koha-community.org
Wed Jul 27 13:36:53 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31242

--- Comment #3 from Kyle M Hall <kyle at bywatersolutions.com> ---
(In reply to David Cook from comment #2)
> Maybe it does make sense to put the rate limiting in Starman just to keep
> things as simple as possible. 

Yes, that was the idea. If it's baked in, it's less onerous for libraries. 

> We could just put it in the builder for "/api/v1/app.pl", so it wouldn't
> affect the performance of the /opac and /intranet apps. 

Is there a benefit to rate limiting everything? It hasn't been an issue lately
but back in the day I know we had an issue with "thrashing" where some
partner's browsers would DOS a server with requests for reasons we never
understood.

> 
> The middlewares Kyle linked do look ancient though.

True, but if it works, it doesn't need updated!

> https://www.krakend.io/docs/endpoints/rate-limit/ poses some interesting
> points about rate limiting methods, especially whether to rate limit by
> endpoint or rate limit by endpoint * client IP address. 

That *is* interesting! It seems more "fair" to do it by endpoint+ip, but really,
a system can only handle so much traffic no matter how fair it is. Now I'm
going to say it would be nice to have both of those, and for them to each be
configurable ;)

> One way or another, it would be good to have rate limiting I reckon.

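The two limits discussed in this comment (per endpoint, and per endpoint + client IP) can be combined in one inline PSGI middleware. The sketch below is an added example, not part of the original message and not Koha's code; `rate_limit` and its `window`, `per_client`, `per_endpoint` and `clock` options are hypothetical names, and the requests in the demo are constructed.

```perl
use strict;
use warnings;

# Hypothetical inline PSGI middleware: fixed-window counters in process memory.
# per_client caps one IP on one endpoint; per_endpoint caps all clients together.
sub rate_limit {
    my ( $app, %cfg ) = @_;
    my $window = $cfg{window} // 60;              # window length in seconds
    my $clock  = $cfg{clock}  // sub { time };    # injectable for testing
    my %hits;                                     # key => [ window_start, count ]

    my $over = sub {
        my ( $key, $max ) = @_;
        return 0 unless defined $max;             # this limit is not configured
        my $now  = $clock->();
        my $slot = $hits{$key} //= [ $now, 0 ];
        @$slot = ( $now, 0 ) if $now - $slot->[0] >= $window;    # new window
        return 1 if $slot->[1] >= $max;
        $slot->[1]++;
        return 0;
    };

    return sub {
        my ($env) = @_;
        my $endpoint = "$env->{REQUEST_METHOD} $env->{PATH_INFO}";
        my $client   = $env->{REMOTE_ADDR} // 'unknown';
        # Client check first: a client already over its own limit must not use up the shared budget.
        if (   $over->( "$endpoint|$client", $cfg{per_client} )
            || $over->( $endpoint, $cfg{per_endpoint} ) )
        {
            return [ 429, [ 'Content-Type' => 'text/plain', 'Retry-After' => $window ],
                ["Too Many Requests\n"] ];
        }
        return $app->($env);
    };
}

# Constructed demo: limit 2 per client and 5 per endpoint in one 60 s window.
my $now = 1_000;
my $app = rate_limit(
    sub { [ 200, [ 'Content-Type' => 'text/plain' ], ["ok\n"] ] },
    window => 60, per_client => 2, per_endpoint => 5, clock => sub { $now },
);
for my $ip (qw(192.0.2.1 192.0.2.1 192.0.2.1 192.0.2.2 192.0.2.2 192.0.2.3 192.0.2.3)) {
    my $res = $app->( { REQUEST_METHOD => 'GET', PATH_INFO => '/patrons', REMOTE_ADDR => $ip } );
    print "$ip -> $res->[0]\n";
}
```

The last request in the demo comes from a client still inside its own allowance and is refused by the endpoint cap, which is the case where per-client fairness alone would not bound total load. The counters live in one process, so under a preforking server such as Starman each worker counts separately, and behind a reverse proxy `REMOTE_ADDR` is the proxy's address unless something rewrites it.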