[
https://issues.apache.org/jira/browse/SYNCOPE-1976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089147#comment-18089147
]
ASF subversion and git services commented on SYNCOPE-1976:
----------------------------------------------------------
Commit 7b70556c283b6375f91c9a77bff75184bed059b9 in syncope's branch
refs/heads/master from Massimiliano Perrone
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=7b70556c28 ]
[SYNCOPE-1976] Add configurable REST rate limiting (#1420)
> Add configurable REST rate limiting
> -----------------------------------
>
> Key: SYNCOPE-1976
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1976
> Project: Syncope
> Issue Type: Improvement
> Reporter: Massimiliano Perrone
> Assignee: Massimiliano Perrone
> Priority: Major
> Fix For: 4.0.7, 4.1.2, 5.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Introduce an optional rate limiting mechanism for Syncope REST APIs to reduce
> the impact of excessive request rates and basic L7 abuse scenarios.
> The feature should allow administrators to define request thresholds, time
> windows, temporary lock periods, and trusted/excluded clients.
> When a client exceeds the configured limit, Syncope should reject further
> requests with 429 Too Many Requests and provide retry guidance.
> IMO this feature should be disabled by default.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
