Adding one more safety belt for potential DOS attacks
For cases, where request blocking is activated (returning 429 status code for repeate…
Show more
Adding one more safety belt for potential DOS attacksFor cases, where request blocking is activated (returning 429 statuscode for repeated requests), one more check was added: When such ablock happens more than 15 times in a minute on the same URL from thesame user, more requests for the same URL and user will be blockeduntil the minute is over. The user seese the message "This web serveris only open for interactive usage".Background: While request blocking works well for interactive users,it might not be sufficient for web clients running wild. Normally,after a 429, the user can reload the page to receive the content of apage. This leads to a sequence of requests of interleaved 200 and 429status codes, which might be ignored by a bot (or ad DOS attack). Whenthe requested page is slow, this can bring a server to its knees.When request blocking is deactivated, this change has no effect.
Show less