Comment 8 for bug 1361782

Mike Rylander (mrylander) wrote :

... and, 7 years later, I have a branch that should move us in the right direction to mitigate these sorts of problems. Branch at security/user/miker/lp-1361782-restrict-concurrent-searches and from the commit message:

This commit adds two types of simple DoS protection:

* Limit concurrent search requests per client IP address, regardless of the searches being performed. This helps address issues of accidental spamming from a malfunctioning OPAC workstation, or crawlers of various types. The limit is controlled by a global flag called "opac.max_concurrent_search.ip".

* Limit the global concurrent search requests for the same query. This helps address both simple and distributed DoS that send the same search request over and over. The limit is controlled by a global flag called "opac.max_concurrent_search.query", and defaults to 20. When the limit is exceeded in either case, the client receives an HTTP 429 "Too many requests" response from the web server, and the connection is ended.
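The two limits described in the commit message, as an added illustration in Python (not the branch's own code, which lives in Evergreen's Perl OPAC layer): an in-flight counter per client IP and per normalized query, with a request handler that answers 429 when either ceiling is hit and always releases the slot afterwards. The query default of 20 is from the commit message; the per-IP default, the query normalization and the function names are assumptions.

```python
import threading
from collections import Counter

HTTP_OK = 200
HTTP_TOO_MANY_REQUESTS = 429

class ConcurrentSearchLimiter:
    """In-flight search counters keyed by client IP and by normalized query."""

    def __init__(self, max_per_ip=10, max_per_query=20):
        # max_per_query default of 20 is from the commit message; the
        # max_per_ip default is assumed, the page does not give one.
        self.max_per_ip = max_per_ip
        self.max_per_query = max_per_query
        self._by_ip = Counter()
        self._by_query = Counter()
        self._lock = threading.Lock()

    @staticmethod
    def normalize(query):
        # Assumed normalization: collapse whitespace and case so trivial
        # variants of the same search share one counter.
        return " ".join(query.split()).lower()

    def try_acquire(self, ip, query):
        """Reserve a slot; True if the search may proceed, False if a limit is hit."""
        key = self.normalize(query)
        with self._lock:
            if self._by_ip[ip] >= self.max_per_ip:
                return False
            if self._by_query[key] >= self.max_per_query:
                return False
            self._by_ip[ip] += 1
            self._by_query[key] += 1
            return True

    def release(self, ip, query):
        key = self.normalize(query)
        with self._lock:
            self._by_ip[ip] -= 1
            self._by_query[key] -= 1

def handle_search(limiter, ip, query, run_search):
    """Return (status, body): 429 when a limit is hit, else the search result."""
    if not limiter.try_acquire(ip, query):
        return HTTP_TOO_MANY_REQUESTS, "Too many requests"
    try:
        return HTTP_OK, run_search(query)
    finally:
        limiter.release(ip, query)
```

These counters live in one process only; behind a multi-worker web server the same totals have to come from a store every worker shares, otherwise each worker enforces the limit independently and the effective ceiling is multiplied by the worker count.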