From 05d9a2b22adc64b7b50f2faf932af06d2bda0626 Mon Sep 17 00:00:00 2001
From: April Rieger <april.rieger@yahoo.com>
Date: Thu, 11 Jun 2026 09:46:42 -0700
Subject: [PATCH] Add rack attack enabled by env vars and add the healthcheck
 for web pod to help with bot mitigation

---
 docker-compose.production.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index e696b4b..8542e32 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -5,6 +5,8 @@ x-app: &app
     - .env.production
   environment:
     - MAGICK_CONFIGURE_PATH=/etc/ImageMagick-7
+    - HYKU_ATTACK_RATE_THROTTLE_OFF=false
+    - HYKU_ATTACK_RATE_LIMIT=10
   volumes:
     - .:/app/samvera
     - /store/keep/derivatives:/app/samvera/derivatives
@@ -190,6 +192,12 @@ services:
     ports:
       - 3000:3000
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsS http://localhost:3000/up || exit 1"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 60s
 
   worker:
     <<: *app-worker