[Koha-bugs] [Bug 31242] Add rate-limiting to the REST API

bugzilla-daemon at bugs.koha-community.org
Thu Jul 28 12:50:52 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31242

--- Comment #5 from Kyle M Hall <kyle at bywatersolutions.com> ---
> I answered a query about horizontally scaling Koha, and I suppose if you
> were to horizontally scale Koha, you'd want your rate limiting to be done by
> your load balancer. But we can cross that bridge when we come to it too.

Yep, and nothing would prevent you from doing so! Just as any power user could
replace Apache with nginx or some other frontend. Any rate limiting feature
could be turned off or set to an impossibly high threshold.

> If we rate limited everything (without IP checking), I think they'd still
> DOS Koha just by hitting the global rate limit. 

Indeed. It's a nontrivial problem, especially when the DOSing PC is inside a
library or campus!

> We still occasionally have issues where out of control bots (usually benign
> crawlers) will DOS a Koha instance (not the whole server fortunately) by
> keeping Starman busy, but we have additional software that finds and blocks
> those. 

Ooh, what are you using?

> In theory, we could install fail2ban alongside Koha and point it at Plack
> logs... (I suppose that is a different kind of rate limiting)

That's an interesting idea!

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.

