novaburst/funquail
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

See #261: Added a rate-limiting (throttling system) to limit the number of requests handled per user/IP

Browse source
This commit is contained in:
Eliot Berriot 2019-09-17 11:23:59 +02:00
commit d28bf65d00
20 changed files with 1077 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

1
changes/changelog.d/261.feature Normal file
View file

@ -0,0 +1 @@
Enforce a configurable rate limit on the API to mitigate abuse (#261)

12
changes/notes.rst
View file

@ -149,3 +149,15 @@ Then reload nginx with ``systemctl reload nginx``.
}
Then reload nginx with ``docker-compose restart nginx``.
Rate limiting
^^^^^^^^^^^^^
With this release, rate-limiting on the API is enabled by default, with high enough limits to ensure
regular users of the app aren't affected. Requests beyond allowed limits are answered with a 429 HTTP error.
For anonymous requests, the limit is applied to the IP adress of the client, and for authenticated requests, the limit
is applied to the corresponding user account. By default, anonymous requests get a lower limit than authenticated requests.
You can disable the rate-limiting feature by adding `THROTTLING_ENABLED=false` to your ``.env`` file and restarting the
services. If you are using the Funkwhale API in your project or app and want to know more about the limits, please consult https://docs.funkwhale.audio/swagger/.