Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rate limit requests to processor intensive pages #102

Open
drn05r opened this issue Oct 16, 2020 · 0 comments
Open

Rate limit requests to processor intensive pages #102

drn05r opened this issue Oct 16, 2020 · 0 comments
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@drn05r
Copy link
Collaborator

drn05r commented Oct 16, 2020

Pages such as search, export and exportview can be quite processor intensive. If these come under a DDoS attack then it can prevent other users from accessing all pages. Rate limiting access to these pages would reduce the chances of a successful DDoS attack.

When a request is made to one of these pages after the limit is reached is should return a 503 temporarily unavailable should be returned. This will require creating a static page that can be served with this response.

Storing a log of requests to rate limited pages so the frequency of recent access can be calculated needs to be separate from the database, as often DDoS attacks hammer the database and so relying on this would be unwise. A single file storing request and time could work but would need flock to make sure only one process can write to it at a time, where it would add the latest request and remove older requests outside a specified time frame.

In the configuration there should be an array or pages that would be included in the rate limit count, a timeframe to count requests over and a maximum number of requests (for any of the pages) in that time frame.

@drn05r drn05r added the enhancement New feature or request label Oct 16, 2020
@drn05r drn05r added this to the 3.4.4 milestone Oct 16, 2020
@drn05r drn05r self-assigned this Feb 22, 2021
@drn05r drn05r modified the milestones: 3.4.4, 3.4.x Mar 17, 2022
@drn05r drn05r modified the milestones: 3.4.x, 3.5 Apr 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant