sorry, I had trouble mentally parsing the first paragraph of your reply for a sec…
There is no way that it is possible for a single XHTTP GET request from a front end at a time would cause a DDOS attack on a back-end just because there are multiple URL params being sent to the back-end in a single GET request. The only way a DDOS attack is possible is if someone repeatedly fired off TONS of GET requests in succession without resting in between requests which would be pretty normal for the rests to occur if it was a human pressing a button to actually execute a search action. Its also physically impossible for normal human user traffic to cause a DDOS attack unless there was some crazy brand new ultra popular game that was released and everyone and their mother, their niece’s pet goldfish and the family’s pet dog all swarmed the site to download the sparkly new ultra popular game all at once (I’m pretty sure this type of thing only happened with games like Palworld and other major games that took the gaming community by storm). But under normal circumstances, a DDOS attack would be carried out by a hacker using a bot that repeatedly fires off nearly a thousand or more server requests at a time which overwhelms the server by pulling enough resources to crash the website.
I’m pretty confident the normal generic human usage of the site would never cause the symptoms of a DDOS attack on the itch.io servers just because the website devs were to add a multi-tag exclusion system to the website… I just can’t see that being technologically possible with normal human usage. That said, there are those freak incidents where a ultra mega popular game getting launched could cause a sudden rush of users flooding the site to download the game on release day… but even on shops like Steam which likely has a much more robust back-end infrastructure than what itch.io is rocking behind the scenes, most of the time it just leads to significant lag on the site and not a full-blown site crash. No clue what itch.io’s server-side infrastructure is setup like since I don’t work there, but I seriously doubt adding a multi-tag exclusion system would have any effect on the usability and stability of the site.
































