Bot prevention : IP limit filter #316

Open
GoulvenF opened this issue Apr 2, 2024 · 0 comments
Labels
feature New feature or request good first issue Can be achieved without a specific knowledge of the open4goods / nudger project help wanted Would be so happy to have someone contributing on this topic ! java Pull requests that update Java code

GoulvenF commented Apr 2, 2024

Version française (google translate)

Problem

  • Some bots are grabbing us. Ok, that's not a big problem, we are quite open ;)
  • but we have to provide some "bot access control" features, to prevent fronts and backs outages
  • we will also need this kind of feature for the B2B API

Solution

  • Implement a cool spring filter, that allows a MAX_REQUEST_PER_IP limit, that whitelists known bots, ...
  • Will redirect to a captcha protected page (done in Contact page KO : The captcha problem #315 ) to reinit the counter when limits are reached

Requisites

  • must be a generic and well documented mechanism, to be able to use it easily in new controllers / endpoints that must be bot protected.

  • must be configurable, with limits (count and time window)

  • must provide an IP whitelisting mechanism, to inject authorized engines' IPs (bot addresses will be handled in a separate service)

  • must provide an IP blacklisting mechanism, to inject forbidden engines' IPs (bot addresses will be handled in a separate service)

  • should be a spring approach, or something that can easily be applied in spring context

Tips / work tracks

  • Can have a look at the commented commons/src/main/java/org/open4goods/filter/QuotasFilter.java, an old legacy implementation of this kind of stuff
  • maybe something exists, or could be a new, separate spring boot starter project ?
GoulvenF added feature New feature or request good first issue Can be achieved without a specific knowledge of the open4goods / nudger project help wanted Would be so happy to have someone contributing on this topic ! java Pull requests that update Java code labels Apr 2, 2024
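
The limiter requested in the issue, as an added example that is not part of the original issue or the open4goods code base: a fixed-window counter per IP with allow and deny lists and a reset hook for the captcha page. The class name `IpLimiter`, its methods and the sample addresses are assumptions; a Spring filter would call `check` with the client address and redirect to the captcha page on `CAPTCHA`.

```java
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Fixed-window per-IP limiter with allow and deny lists (hypothetical names, added example). */
public class IpLimiter {
    public enum Decision { ALLOW, CAPTCHA, DENY }

    private record Window(long start, int count) {}

    private final int maxRequestsPerIp;
    private final long windowMillis;
    private final Set<String> allowed;   // authorized engines, injected by a separate service
    private final Set<String> denied;    // forbidden engines, injected by a separate service
    private final Map<String, Window> windows = new ConcurrentHashMap<>();

    public IpLimiter(int maxRequestsPerIp, Duration window, Set<String> allowed, Set<String> denied) {
        this.maxRequestsPerIp = maxRequestsPerIp;
        this.windowMillis = window.toMillis();
        this.allowed = Set.copyOf(allowed);
        this.denied = Set.copyOf(denied);
    }

    /** Decide for one request; the clock is passed in so the logic can be tested. */
    public Decision check(String ip, long nowMillis) {
        if (denied.contains(ip)) return Decision.DENY;   // deny list wins over allow list
        if (allowed.contains(ip)) return Decision.ALLOW; // allow-listed IPs are never counted
        // Atomic per-key update: start a new window when the old one expired, else increment.
        // The count is capped so a flood cannot overflow the int.
        Window w = windows.compute(ip, (k, old) ->
            old == null || nowMillis - old.start() >= windowMillis
                ? new Window(nowMillis, 1)
                : new Window(old.start(), Math.min(old.count() + 1, maxRequestsPerIp + 1)));
        return w.count() > maxRequestsPerIp ? Decision.CAPTCHA : Decision.ALLOW;
    }

    /** Called once the captcha page validates: re-initialises the counter for that IP. */
    public void reset(String ip) { windows.remove(ip); }

    public static void main(String[] args) {
        // Constructed sample data: addresses from the documentation ranges, limit 3 per 60 s.
        IpLimiter l = new IpLimiter(3, Duration.ofSeconds(60), Set.of("192.0.2.10"), Set.of("203.0.113.7"));
        long t = 0;
        for (int i = 1; i <= 5; i++) System.out.println(i + " " + l.check("198.51.100.4", t += 1000));
        System.out.println(l.check("203.0.113.7", t) + " " + l.check("192.0.2.10", t));
        l.reset("198.51.100.4");
        System.out.println("after captcha: " + l.check("198.51.100.4", t));
    }
}
```

Behind a reverse proxy, the address passed to `check` must come from a header set by the trusted proxy, because a client-supplied `X-Forwarded-For` value would let a caller choose its own counter or claim an allow-listed address. Entries are never evicted in this example, so a long-running service also needs periodic cleanup of expired windows.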