[
https://issues.apache.org/jira/browse/SYNCOPE-1976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089156#comment-18089156
]
ASF subversion and git services commented on SYNCOPE-1976:
----------------------------------------------------------
Commit 9e91350c09f9645777246c1e89604b709962de11 in syncope's branch
refs/heads/4_1_X from Massimiliano Perrone
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=9e91350c09 ]
[SYNCOPE-1976] Add configurable REST rate limiting (#1420)
> Add configurable REST rate limiting
> -----------------------------------
>
> Key: SYNCOPE-1976
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1976
> Project: Syncope
> Issue Type: Improvement
> Reporter: Massimiliano Perrone
> Assignee: Massimiliano Perrone
> Priority: Major
> Fix For: 4.0.7, 4.1.2, 5.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Introduce an optional rate limiting mechanism for Syncope REST APIs to reduce
> the impact of excessive request rates and basic L7 abuse scenarios.
> The feature should allow administrators to define request thresholds, time
> windows, temporary lock periods, and trusted/excluded clients.
> When a client exceeds the configured limit, Syncope should reject further
> requests with 429 Too Many Requests and provide retry guidance.
> IMO this feature should be disabled by default.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
