New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add rate limiting to API calls #1479

Open

spwoodcock opened this issue Apr 25, 2024 · 0 comments

Labels

Milestone

!FMTM 2024.04 Rel...

Member

spwoodcock commented Apr 25, 2024

Is your feature request related to a problem? Please describe.

After we add a task queue, Redis will be part of our stack.
We can also use Redis to effectively handle rate limiting.

Describe the solution you'd like

Rate limiting should be implementing based on:
- Number of requests from an IP address per minute.
- Possibly total number of requests per minute to avoid DDOS?

Describe alternatives you've considered

We could add something like fail2ban to the Nginx proxy, which isn't a bad idea.

Additional context

For most endpoint we are protected by login_required, making distributed attacks harder.
But we do have some unprotected endpoints out of necessity, so this is a moot point.

The text was updated successfully, but these errors were encountered:

spwoodcock added backend devops labels

spwoodcock added this to the !FMTM 2024.04 Release (June) milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment