Commit e475a10

authored
Update index.md
1 parent 6ae8af8 commit e475a10

1 file changed

+2
-1
lines changed
  • cornucopia.owasp.org/data/website/pages/copi/en

cornucopia.owasp.org/data/website/pages/copi/en/index.md

Lines changed: 2 additions & 1 deletion
@@ -257,7 +257,8 @@ Given that a threat actor can execute a distributed denial of service attack a
257257

258258
#### What are we going to do about it?
259259

260-
We are not working towards implementing any specific controls to prevent DoS attacks against copi.owasp.org, but we are working on implementing rate limiting on the creating of games and players (see: [issues/1877](https://github.com/OWASP/cornucopia/issues/1877)). Most probably, it would be impossible to stop a distributed denial of service attack if executed properly. When we did load testing against copi.owasp.org, we found that the application could handle 20.000 request per min. If we went higher then that, Cloudflare, that host the DNS, would identify us as a DoS actor and return HTTP status 520. Still, conceptually, you could execute a DoS from one million machines and deny access to the application for other users. Even though this is a risk, we accept it. If you are worried about distributed DoS, please host the application on a private network or IP whitelist access to the application.
260+
We are not working towards implementing any specific controls to prevent DoS attacks against copi.owasp.org. Most probably, it would be impossible to stop a distributed denial of service attack if executed properly. When we did load testing against copi.owasp.org, we found that the application could handle 20.000 request per min. If we went higher then that, Cloudflare, that host the DNS, would identify us as a DoS actor and return HTTP status 520. Still, conceptually, you could execute a DoS from one million machines and deny access to the application for other users. Even though this is a risk, we accept it. If you are worried about distributed DoS, please host the application on a private network or IP whitelist access to the application.
261+
If you are hosting Copi yourself please set the rate limiting according to your needs (see: [SECURITY.md](https://github.com/OWASP/cornucopia/blob/master/copi.owasp.org/SECURITY.md)).
261262

262263
### Did we do a good job?
263264
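Review bot: The new line 260 still opens with "We are not working towards implementing any specific controls to prevent DoS attacks", while the added line 261 tells self-hosters to "set the rate limiting according to your needs", so the threat model no longer says whether copi.owasp.org itself runs with rate limiting on game and player creation. The removed sentence was the only place that stated this, together with the issues/1877 reference. Suggest adding one sentence on line 260 that says rate limiting is available, what it covers, and that it does not address the distributed case that the rest of the paragraph accepts as a risk, so the "What are we going to do about it?" answer matches the control that line 261 points to. Since line 260 is being rewritten anyway, it would also be a good moment to fix "20.000 request per min", "higher then that" and "Cloudflare, that host the DNS", and to add a comma after "yourself" on line 261.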
