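Adobe recently released version 2.4.3 to developers. This release includes a large number of security improvements.
In M2.4.3, both API calls and usage frequency can be limited, to guard against DDoS and large-scale traffic attacks. For details on the update and patch installation, see: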
https://support.magento.com/hc/en-us/articles/4406893342093
Full text of the email:
Please review the following announcement. To see the entire list, log into Adobe Commerce Developer Portal and click on the Resources option on the top menu bar.
Adobe Commerce 2.4.3 rate limiting feature
Dear Adobe Commerce developer,
Please read below for information about a recent change that may impact your extensions.
In 2.4.3 we introduced built-in rate limiting to Magento APIs to prevent denial-of-service (DoS) attacks.
By default, the following built-in API rate limiting is available:
· REST requests containing inputs representing a list of entities are limited to a default maximum of 20 entities;
· REST and GraphQL queries that allow paginated results are limited to a default maximum of 300 items per page.
These defaults can be configured and the instructions to do so can be found here.
This feature was added with an intent to prevent DoS attacks by imposing a restriction on the number of resources that can be requested by a Web API in a single request. However, we do realize that this change may impact extensions that update thousands of products via a single API request.
In order to resolve the concern, we have released a hotfix that reverts these defaults to a higher value. Adobe recommends lowering the default input limits to a lower value if you experience a DoS attack or if you are not impacted by this change. A Knowledge Base article detailing the problem and the solution can be found here: "https://support.magento.com/hc/en-us/articles/4406893342093".
Thank you for being a part of the Adobe Commerce community.
Best Regards,
The team at Adobe.