TYPO3 Core

Some usecases:

• Throttle failed backend logins
• Throttle the amount of contact forms sent
• Throttle the amount of comments sent

So basically
Throttle <condition> <action>

We need an API for conditions and resulting actions when condition is matched

My TYPO3 website was just attacked by a bot with 1000s of requests which killed my db with an exception like: Connection failed with: "An exception occured in driver: Too many connections" | TYPO3\CMS\Core\Error\Http\ServiceUnavailableException thrown in file /vendor/typo3/cms/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php in line 932

I'm also using laravel for some projects and they have it implemented in the core with a middleware: https://github.com/illuminate/routing/blob/master/Middleware/ThrottleRequests.php

@Helmut Please check if you see this as related. Otherwise I can remove the comment.

I assume you are looking at incoming requests. I would also like to add outgoing requests - the mechanisms (API) used might be similar.

e.g. throttle outgoing HTTP requests in linkvalidator (and elsewhere?).

I think there may be other cases as well where outgoing requests are made.

I already added an issue Make linkvalidator crawling polite specifically for this, but if you are adressing this topic in general, that would be cool to consider that as well.

I see that as problematic if TYPO3 does not throttle outgoing HTTP requests, see also my comment https://forge.typo3.org/issues/89287#note-4

About the DOS attacks or too many requests - should that not be better handled elsewhere, preferably before the attacker reaches TYPO3 / PHP or even the webserver?

This basically a duplicate of #93825