Implement request throttling / rate limiting functionality and API
Our current brute force protection is non-existent.
There are cases where specific functionality should be throttled, for example: a user shouldn't hammer with 20 comments / second.
Task: Evaluate existing solutions (e.g. https://github.com/websoftwares/Throttle) and / or implement a general throttling mechanism and provide an API for extensions.
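One shape such a general mechanism could take, as an added example that is not TYPO3, Laravel or websoftwares/Throttle code: a token bucket keyed per action and subject, which permits a short burst, enforces a sustained rate, and returns how long a rejected caller has to wait. The class name, method name and the `comment.create` / `user:42` keys are hypothetical, and the in-memory array is an assumption standing in for a cache backend shared across PHP requests.

```php
<?php
declare(strict_types=1);

// Added illustration; class and method names are hypothetical, not TYPO3 API.
final class Throttle
{
    /** @var array<string, array{0: float, 1: float}> key => [tokens left, last update] */
    private array $buckets = [];
    private \Closure $clock;

    public function __construct(
        private int $burst,        // requests allowed back to back
        private float $perSecond,  // sustained refill rate
        ?callable $clock = null    // injectable time source (seconds as float)
    ) {
        if ($burst < 1 || $perSecond <= 0) {
            throw new \InvalidArgumentException('burst and rate must be positive');
        }
        $this->clock = \Closure::fromCallable($clock ?? static fn(): float => microtime(true));
    }

    /** Returns 0.0 when the hit is allowed, otherwise the seconds to wait (Retry-After). */
    public function hit(string $action, string $subject): float
    {
        // Hashing keeps keys fixed-length and keeps client-supplied subjects
        // from colliding with another action's namespace.
        $key = hash('sha256', $action . "\0" . $subject);
        $now = ($this->clock)();
        [$tokens, $last] = $this->buckets[$key] ?? [(float)$this->burst, $now];
        // Refill for the time elapsed since the last hit, capped at the burst size.
        $tokens = min((float)$this->burst, $tokens + ($now - $last) * $this->perSecond);
        if ($tokens >= 1.0) {
            $this->buckets[$key] = [$tokens - 1.0, $now];
            return 0.0;
        }
        $this->buckets[$key] = [$tokens, $now];
        return (1.0 - $tokens) / $this->perSecond;
    }
}

// Constructed demo: burst of 3 comments, then 1 comment/second, driven by a fake clock.
$t = 0.0;
$throttle = new Throttle(3, 1.0, function () use (&$t): float { return $t; });
foreach ([0.0, 0.05, 0.10, 0.15, 0.20, 1.30] as $t) {
    $wait = $throttle->hit('comment.create', 'user:42');
    printf("t=%.2fs %s\n", $t, $wait > 0.0 ? sprintf('rejected, retry after %.2fs', $wait) : 'accepted');
}
```

For anonymous traffic the subject would be the client address rather than a user id, and the rejection has to be returned before any database connection is opened for the request.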
Updated by Simon Schaufelberger over 2 years ago
My TYPO3 website was just attacked by a bot with 1000s of requests which killed my db with an exception like: Connection failed with: "An exception occured in driver: Too many connections" | TYPO3\CMS\Core\Error\Http\ServiceUnavailableException thrown in file /vendor/typo3/cms/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php in line 932
I'm also using Laravel for some projects and they have it implemented in the core with a middleware: https://github.com/illuminate/routing/blob/master/Middleware/ThrottleRequests.php