[FOLIO-3615] Spike - possible protection mechanisms on web server or network traffic level

Created: 20/Oct/22 Updated: 20/Jul/23

| Field | Value |
| --- | --- |
| Status | Open |
| Project | FOLIO |
| Components | None |
| Affects versions | None |
| Fix versions | None |
| Type | Task |
| Priority | TBD |
| Reporter | Axel Dörrer |
| Assignee | Unassigned |
| Resolution | Unresolved |
| Votes | 0 |
| Labels | security, security-reviewed |
| Remaining Estimate | Not Specified |
| Time Spent | Not Specified |
| Original estimate | Not Specified |
| Sprint | |
| Development Team | None |
| RCA Group | TBD |
Description
Overview

Intentional or unintentional floods of requests to Okapi, and to modules whose endpoints are not protected by permissions, can cause denial of service. This spike should explore options and tools outside the application layer. The results may lead to best-practice documentation for implementers.
Links to additional info

- https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/
- https://github.com/SpiderLabs/ModSecurity/
- tbc
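As an illustration of the kind of web-server-level control the linked nginx guide describes, the following reverse-proxy configuration is an added example written for this ticket; it is not FOLIO's or Okapi's own configuration. It assumes nginx sits in front of Okapi, that Okapi listens on 127.0.0.1:9130 (its default port), that `/authn/login` is the login endpoint to protect more strictly, and that the rates, burst sizes, hostname and trusted address range are placeholders to be tuned against real traffic.

```nginx
# Added example, not part of the FOLIO project: per-client request and
# connection limiting in an nginx reverse proxy in front of Okapi.
# All thresholds and addresses are assumptions for illustration.

# Trusted sources (e.g. internal batch jobs) get an empty key, which makes
# nginx skip the limit for them; everyone else is keyed by client address.
geo $limited {
    default         1;
    10.0.0.0/8      0;   # assumed internal range
}
map $limited $limit_key {
    0 "";
    1 $binary_remote_addr;
}

# Shared-memory zones. A 10m zone holds roughly 160k client states.
limit_req_zone  $limit_key zone=okapi_req:10m   rate=20r/s;
limit_req_zone  $limit_key zone=okapi_login:1m  rate=1r/s;
limit_conn_zone $limit_key zone=okapi_conn:10m;

upstream okapi {
    server 127.0.0.1:9130;   # assumed Okapi listen address
}

server {
    listen 80;                        # TLS termination omitted from the example
    server_name okapi.example.org;    # placeholder hostname

    # Return 429 rather than the default 503 so clients can tell throttling
    # from a backend outage, and log limit hits at warn level for monitoring.
    limit_req_status     429;
    limit_conn_status    429;
    limit_req_log_level  warn;
    limit_conn_log_level warn;

    # Stricter limit on the login endpoint (assumed path): excess requests
    # are rejected immediately instead of queued.
    location /authn/login {
        limit_req zone=okapi_login burst=5 nodelay;
        proxy_pass http://okapi;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # General limit for everything else proxied to Okapi.
    location / {
        limit_req  zone=okapi_req burst=50 nodelay;
        limit_conn okapi_conn 25;
        proxy_pass http://okapi;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Validate with `nginx -t` before reloading, then watch the error log for "limiting requests" entries to see which clients hit the thresholds before tightening them. Keying on client address is the usual starting point, but it penalises many users behind one NAT address (a campus or library network), which is exactly the "without harming valid requests" risk this spike calls out; if another proxy or load balancer sits in front of nginx, the client address must be recovered from its forwarding header (`set_real_ip_from` / `real_ip_header`) or every request will share one key. Request-inspection rules such as ModSecurity are a separate layer from these limits and would be enabled through the ModSecurity-nginx connector's own directives.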
The purpose of this spike is to investigate whether malicious, high-volume requests can be filtered outside the FOLIO application layer without harming valid requests or restricting any functionality.

Acceptance Criteria