Rate limit requests by IP
4d0935ba5e69
Actions

Authored by epriestley <git@epriestley.com> on Apr 9 2014, 03:36.

Description

Rate limit requests by IP

Summary:
Fixes T3923. On secure.phabricator.com, we occasionally get slowed to a crawl when someone runs a security scanner against us, or 5 search bots decide to simultaneously index every line of every file in Diffusion.

Every time a user makes a request, give their IP address some points. If they get too many points in 5 minutes, start blocking their requests automatically for a while.

We give fewer points for logged in requests. We could futher refine this (more points for a 404, more points for a really slow page, etc.) but let's start simply.

Also, provide a mechanism for configuring this, and configuring the LB environment stuff at the same time (this comes up rarely, but we don't have a good answer right now).

Test Plan: Used ab and reloading over and over again to hit rate limits. Read documentation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T3923

Differential Revision: https://secure.phabricator.com/D8713

Details

Committed

epriestley <git@epriestley.com>

Apr 9 2014, 03:36

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH597c6c07f712: Switch back to janky array copying

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4d0935ba5e69: Rate limit requests by IP (authored by epriestley <git@epriestley.com>).Apr 9 2014, 03:36

Changes (5)

				Path
	M			.gitignore
	M			src/docs/user/configuration/configuration_guide.diviner
	A			src/docs/user/configuration/configuring_preamble.diviner
	M			support/PhabricatorStartup.php
	M			webroot/index.php