Hi all, We are doing different tests in our DSpaces and one is do a DoS attack, requesting many times the homepage, and we discovered that all PostgreSQL connections are locked so fast. At first we did this with a script developed to do fast requests, but later we've tried to block these DSpaces with manual requests and also works well. Our DSpaces are modified, so finally we tried to do this process onto DSpace demo ( http://demo.dspace.org/xmlui/) to be sure that it's a DSpace problem, and also goes down with this work, but only in XMLUI, not in JSPUI. We suspect that every homepage request triggers an SQL query to get communities list, and seems this query is too slow, blocking one of the available PostgreSQL connections. If you do this many times, fastly you block all connections available and DSpace is not allowed to open another, showing the following message error:
Java stacktrace: java.util.NoSuchElementException: Timeout waiting for idle object In our dspace.cfg have this: # Maximum number of DB connections in pool db.maxconnections = 30 Increasing this number we will resolve the problem of blocking all PostgreSQL connections manually (is difficult to do 100 fast requests before the first requests are served) but the problem remains, because if anyone wants to get down our repositories (or another DSpace) they only must run one of this scripts available and instantly gets a blank page. Anyone noticed this problem and knows how can we prevent this attacks? Thanks in advance, Rubén -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
