Massimiliano Perrone created SYNCOPE-1976:
---------------------------------------------
Summary: Add configurable REST rate limiting
Key: SYNCOPE-1976
URL: https://issues.apache.org/jira/browse/SYNCOPE-1976
Project: Syncope
Issue Type: Improvement
Reporter: Massimiliano Perrone
Assignee: Massimiliano Perrone
Fix For: 4.0.7, 4.1.2, 5.0.0

Introduce an optional rate limiting mechanism for Syncope REST APIs to reduce
the impact of excessive request rates and basic L7 abuse scenarios.
The feature should allow administrators to define request thresholds, time
windows, temporary lock periods, and trusted/excluded clients.
When a client exceeds the configured limit, Syncope should reject further
requests with 429 Too Many Requests and provide retry guidance.
IMO this feature should be disabled by default.
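
An added sketch of the behaviour the description asks for, not Syncope's code: a per-client limiter with a request threshold, time window, temporary lock, excluded clients, and a 429 response carrying `Retry-After`. The class, its field names, the fixed-window algorithm and keying on client IP are all assumptions, since the issue specifies none of them.

```python
import ipaddress
import math
import time
from dataclasses import dataclass, field


@dataclass
class RateLimiter:
    """Fixed-window limiter with a temporary lock (hypothetical names throughout)."""
    max_requests: int          # request threshold per window
    window_seconds: float      # length of the counting window
    lock_seconds: float        # temporary lock once the threshold is exceeded
    trusted: tuple = ()        # CIDR ranges excluded from limiting
    enabled: bool = False      # off unless switched on, as the issue suggests
    clock: callable = time.monotonic
    # client -> (window_start, count, locked_until); never evicted in this sketch
    _state: dict = field(default_factory=dict, init=False)

    def _is_trusted(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.trusted)

    def check(self, client_ip):
        """Return (http_status, headers) for one request from client_ip."""
        if not self.enabled or self._is_trusted(client_ip):
            return 200, {}
        now = self.clock()
        start, count, locked_until = self._state.get(client_ip, (now, 0, 0.0))
        if now < locked_until:
            # Still locked: report the remaining time, do not extend the lock.
            return self._reject(locked_until - now)
        if now - start >= self.window_seconds:
            start, count = now, 0  # window elapsed, start counting again
        count += 1
        if count > self.max_requests:
            locked_until = now + self.lock_seconds
            # A fresh window begins when the lock ends.
            self._state[client_ip] = (locked_until, 0, locked_until)
            return self._reject(self.lock_seconds)
        self._state[client_ip] = (start, count, 0.0)
        return 200, {}

    @staticmethod
    def _reject(seconds_left):
        # Retry-After is in whole seconds; round up so clients never retry early.
        return 429, {"Retry-After": str(max(1, math.ceil(seconds_left)))}
```

If the service sits behind a reverse proxy, the address it sees is the proxy's, so the client key has to come from a source the deployment trusts.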