[OAI-implementers] Dangers of OAI

Simeon Warner simeon at cs.cornell.edu
Thu Mar 22 17:41:10 EDT 2007

If someone follows the protocol you can throttle OAI requests using 503 
responses (see: 
We use this at arXiv but hope to get rid of it soon as we change our 
infrastructure to allow us to support OAI more efficiently. Answering OAI 
requests should be quite cheap.

If someone doesn't follow the protocol then you are, as always, left 
monitoring the logs and adding a rule to your firewall in extreme cases. I 
don't think there will ever be any way around that.


On Thu, 22 Mar 2007, Torsten Schaßan wrote:
> Dear all,
> today in my institution we had a long discussion about the implementation of 
> an OAI interface and the possible dangers of OAI: how to prevent 
> denial-of-service-like numbers of harvester requests?
> What experiences do you have with such things as OAI doesn't have any 
> precaution to prevent something like this? Did you ever experience problems 
> for your servers or are there any measures we could implement and which we 
> have overlooked?
> Best, Torsten
> _______________________________________________
> OAI-implementers mailing list
> List information, archives, preferences and to unsubscribe:
> http://www.openarchives.org/mailman/listinfo/oai-implementers

More information about the OAI-implementers mailing list