Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
+++ /dev/null
-== DoS Protection ==
-
-Here we add two ways to protect against denial of service attacks:
- * Limit concurrent search requests per client IP address
- ** This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or web crawlers of various types. The limit is controlled by a global flag called *opac.max_concurrent_search.ip*. By default there is no limit set.
- * Limit the global concurrent search requests for the same query
- ** This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called *opac.max_concurrent_search.query*, and defaults to 20.
-
-When a limit is exceeded the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
-
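Review bot: The removed bullets naming *opac.max_concurrent_search.ip* (no limit by default) and *opac.max_concurrent_search.query* (default 20) are the only place in this patch where those flags and their defaults are documented, and nothing visible here says where the text moves to. Please confirm the flag names, the defaults and the HTTP 429 behaviour are carried into the consolidated release notes or the admin documentation before this file goes to /dev/null. The destination text should also state plainly that the per-IP limit is inactive until an administrator sets it.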
+++ /dev/null
-== Protect qtype CGI parameter ==
-
-Malicious DoS attempts have been witnessed in the wild making use of
-the fact that Evergreen does not check the contents of the qtype CGI
-parameter. While these fail their intent, it would be better to
-simply drop such searches on the floor when they're seen.
-
-Evergreen will now confirm that the search class in the qtype parameter
-is valid, and that the remainder of the value is structured correctly,
-before processing the search request.
-
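Review bot: The second paragraph of the removed qtype note says the value is validated "before processing the search request" but never says what the client receives when validation fails, whereas the DoS Protection note names the HTTP 429 response. Wherever this text is consolidated, state the response returned for a rejected qtype so operators can recognise these requests in their web server logs.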