[OAI-implementers] Dangers of OAI
Gary McGath
gary at hulmail.harvard.edu
Tue Mar 27 08:51:25 EDT 2007
Torsten Schaßan wrote:
> Dear all,
>
> today in my institution we had a long discussion about the
> implementation of an OAI interface and the possible dangers of OAI: how
> to prevent denial-of-service-like numbers of harvester requests?
>
> What experiences do you have with such things as OAI doesn't have any
> precaution to prevent something like this? Did you ever experience
> problems for your servers or are there any measures we could implement
> and which we have overlooked?

On our server for Virtual Collections (not yet publicly announced, but
waiting only for a content switch setup), we have some code to delay
responses by a few seconds if traffic gets too heavy. No more than a
specified number of requests will be answered in a given time period;
the others will be queued up.

This is intended mostly to prevent impact on other services which
involve more direct human interaction, but also has an eye toward
denial-of-service attacks. If legitimate traffic gets too heavy for
short periods, that's a friendlier response than 503.
--
Gary McGath
Digital Library Software Engineer
Harvard University Libraries, Office for Information Systems
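
One way to implement the kind of throttle described in the message above, as an added example in Python (not the poster's code, which is not shown on this page): at most `max_requests` answers per `period` seconds, with the excess held back rather than refused. The names `DelayThrottle`, `handle` and `simulate`, the sample numbers, and the `max_delay` cut-off after which a 503 with `Retry-After` is returned are assumptions of this example.

```python
import time
from collections import deque

class DelayThrottle:
    """Answer at most max_requests per period seconds; hold the rest back."""

    def __init__(self, max_requests, period, max_delay):
        self.max_requests = max_requests
        self.period = period
        self.max_delay = max_delay  # assumption: longest hold before giving up
        # Answer times of the last max_requests admitted requests, oldest first.
        self._slots = deque(maxlen=max_requests)

    def schedule(self, now):
        """Return seconds to hold a request arriving at `now`, or None to shed it."""
        if len(self._slots) < self.max_requests:
            answer_at = now
        else:
            # The request max_requests back must be a full period behind us.
            answer_at = max(now, self._slots[0] + self.period)
        if answer_at - now > self.max_delay:
            return None  # queue too deep: not admitted, takes no slot
        self._slots.append(answer_at)
        return answer_at - now

def handle(throttle, now=None, sleep=time.sleep):
    """Wrap one harvester request: delay it, or fall back to 503."""
    delay = throttle.schedule(time.monotonic() if now is None else now)
    if delay is None:
        return 503, {"Retry-After": str(int(throttle.period))}
    sleep(delay)  # the "few seconds" of delay under heavy traffic
    return 200, {}

def simulate(arrivals, max_requests=3, period=10, max_delay=15):
    """Delays assigned to a list of arrival times (constructed sample input)."""
    throttle = DelayThrottle(max_requests, period, max_delay)
    return [throttle.schedule(t) for t in arrivals]

if __name__ == "__main__":
    burst = [0] * 8 + [30]  # constructed: 8 requests at once, 1 straggler
    for t, d in zip(burst, simulate(burst)):
        print(t, "503" if d is None else f"answer after {d}s")
```

In a multi-threaded server, calls to `schedule()` need a lock around them, since the slot queue is shared state.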