Rate-limiting the endpoints #2

@fyyv

The following command will spam the console with access logs if logging is enabled in config.yml. Note: The below command assumes the server is running on localhost.

for n in {1..50}; do curl http://localhost:27192/api/list/; done

If the logging feature is to be used explicitly for development purposes, this is working as intended. I believe that logging could also be useful for maintenance/auditing purposes, in which case server owners would likely leave logging enabled permanently.

Where DoS attacks are a concern, server owners can deploy their own more robust solutions. However, for the sake of keeping logs readable, it could be beneficial to implement at least a primitive form of rate-limiting.
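A primitive limiter of the kind requested, as an added example that is not part of the original issue or the project's code: a per-client token bucket, applied here to access-log lines, that writes a burst in full and then folds the rest into a count on the next line that is written. The class, function and parameter names, the log line format and the default limits are all assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class _Bucket:
    tokens: float        # log lines this client may still emit
    last: float          # clock value at the previous check
    suppressed: int = 0  # lines dropped since the last emitted one

class AccessLogLimiter:
    """Per-client token bucket deciding whether an access-log line is written."""

    def __init__(self, burst=5, per_second=1.0, max_clients=10000,
                 clock=time.monotonic):
        self.burst, self.rate = burst, per_second
        self.max_clients, self.clock = max_clients, clock
        self.buckets = {}

    def check(self, client):
        """Return (emit, suppressed_since_last_emit) for one request."""
        now = self.clock()
        b = self.buckets.get(client)
        if b is None:
            if len(self.buckets) >= self.max_clients:
                # Bound memory: drop the client seen longest ago.
                oldest = min(self.buckets, key=lambda k: self.buckets[k].last)
                del self.buckets[oldest]
            b = self.buckets[client] = _Bucket(tokens=self.burst, last=now)
        # Refill in proportion to elapsed time, capped at the burst size.
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1:
            b.tokens -= 1
            skipped, b.suppressed = b.suppressed, 0
            return True, skipped
        b.suppressed += 1
        return False, 0

def replay(requests, limiter):
    """Return the log lines that survive limiting for (client, path) pairs."""
    lines = []
    for client, path in requests:
        emit, skipped = limiter.check(client)
        if emit:
            note = f" (+{skipped} similar requests not logged)" if skipped else ""
            lines.append(f"{client} GET {path}{note}")
    return lines
```

The suppressed count keeps the log usable for auditing, since a flood shows up as one line with a number rather than disappearing.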

Labels: enhancement (New feature or request)
