melmothx / amusewiki

Text::Amuse-based publishing platform
https://amusewiki.org

`/git` endpoint DoS #446

Closed aphick closed 6 months ago

aphick commented 8 months ago

Our instance fell victim to a severe DoS attack this morning, with over 200,000 requests hitting /git/en/log/, resulting in 100% CPU usage by the cgit process. As a temporary workaround we have added the stanza below to block all requests to that endpoint. It could simply require adjustment to the Nginx config, but that should be documented somewhere.

location /git {
  deny all;
}
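As an added example (not part of this issue or of the amusewiki project), a small Python check that counts requests under the /git/ prefix per client from nginx access-log lines, so a flood like the one described above shows up before the cgit process is saturated. The log lines are constructed, and the threshold is a local choice.

```python
import re
from collections import Counter

# Constructed sample lines in nginx "combined" log format (not from the issue).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:06:01:02 +0000] "GET /git/en/log/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:06:01:02 +0000] "GET /git/en/log/?ofs=50 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:06:01:03 +0000] "GET /git/en/log/?ofs=100 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:06:01:05 +0000] "GET /library/some-text HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:06:01:06 +0000] "GET /git/en/tree/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:06:01:07 +0000] "GET /gitignore-howto HTTP/1.1" 404 512 "-" "curl/8.0"
"""

# client ip, timestamp, request line (method + path + protocol) and status code
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def git_requests_per_client(log_text, prefix="/git/"):
    """Count requests per client whose path is /git or lies under /git/.

    The query string is stripped first, and the match is on the path prefix
    only, so an unrelated path such as /gitignore-howto is not counted.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path == prefix.rstrip("/") or path.startswith(prefix):
            counts[rec["ip"]] += 1
    return counts


def flag_heavy_clients(log_text, threshold):
    """Clients that issued at least `threshold` requests to the /git endpoint."""
    return {ip: n for ip, n in git_requests_per_client(log_text).items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in flag_heavy_clients(SAMPLE_LOG, threshold=3).items():
        print(f"{ip}: {n} requests under /git/")
```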
melmothx commented 8 months ago

Well, that would cut legit users out as well.

There's an option in the admin to make the /git endpoint accessible to logged-in users only: "View history (CGIT)"

-- Marco