[Koha-bugs] [Bug 31242] Add rate-limiting to the REST API
bugzilla-daemon at bugs.koha-community.org
Fri Jul 29 01:40:24 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31242
--- Comment #6 from David Cook <dcook at prosentient.com.au> ---
(In reply to Kyle M Hall from comment #5)
> Yep, and nothing would prevent you from doing so! Just as any power user
> could replace apache with nginx or some other frontend. Any rate limiting
> feature could be turned off or set to an impossibly high threshold.

Yeah I was thinking the same thing. So long as we make things
optional/configurable, it's all good.

> > We still occasionally have issues where out of control bots (usually benign
> > crawlers) will DOS a Koha instance (not the whole server fortunately) by
> > keeping Starman busy, but we have additional software that finds and blocks
> > those.
>
> Ooh, what are you using?

A combo of fail2ban and custom scripts. It can always use tweaking!

> > In theory, we could install fail2ban alongside Koha and point it at Plack
> > logs... (I suppose that is a different kind of rate limiting)
>
> That's an interesting idea!

Right? I feel like it would be tough to get it right though.
--
In any case, one of those Plack middlewares for the "api" app in plack.psgi is
probably a good place to start? I mean it is better than the current situation
at the very least.