https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39109 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #1 from David Cook <dcook@prosentient.com.au> --- (In reply to Kyle M Hall (khall) from comment #0)
Botnets and web spiders can easily bring a Koha instance down. We should implement optional rate limiting in Koha. It appears there are two plack middlewares we could use: https://metacpan.org/pod/Plack::Middleware::Throttle or https://metacpan.org/pod/Plack::Middleware::Throttle::Lite
Throttle supports memcached as a backend, but is more complex. Lite uses an in-memory backend, but has fewer dependencies.
I was inspired by Plack::Middleware::Throttle to write my own Koha::Middleware::Throttle. It uses memcached as the storage backend, and its expiring keys mechanism means it is self-managing, which is great. My version does use some local custom code for managing configuration in a more flexible way, so I'll need to strip that out, but it's still useful without it. Happy to share my work here. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.