From f7bca3546f00f3562221fad5a35e85b8112f4965 Mon Sep 17 00:00:00 2001
From: Mia Heidenstedt
Date: Wed, 19 Jul 2023 21:05:24 +0200
Subject: [PATCH] Increase rate-limit for authenticated users on media proxy endpoints

As reported in the issue, rate-limiting was causing issues for authenticated users who were viewing cached remote profiles with numerous media files that had expired on the local instance. With the current limit set at 30 requests per 10 minutes, users would quickly reach this limit, leading to HTTP 429 "Too many requests" errors. To remove this issue, I increased the rate limit for authenticated users on the media proxy endpoints to 100 requests per 5 minutes. This change should significantly improve the user experience, for users who are viewing old remote profiles.
---
 config/initializers/rack_attack.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index d0af0fe9409..c30ac11b86d 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -82,6 +82,10 @@ class Rack::Attack
 req.authenticated_user_id if req.post? && req.path.match?(%r{\A/api/v\d+/media\z}i)
 end

+ throttle('throttle_authenticated_media_proxy', limit: 100, period: 5.minutes) do |req|
+ req.authenticated_user_id if req.path.start_with?('/media_proxy')
+ end
+
 throttle('throttle_media_proxy', limit: 30, period: 10.minutes) do |req|
 req.throttleable_remote_ip if req.path.start_with?('/media_proxy')
 end
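Review bot: The existing `throttle_media_proxy` rule in the trailing context still keys every `/media_proxy` request by `req.throttleable_remote_ip` with no authentication condition, and Rack::Attack evaluates each throttle independently, so a signed-in user would still be cut off at 30 requests per 10 minutes by the IP rule before the new 100-per-5-minutes rule matters. Unless `throttleable_remote_ip` already returns nil for authenticated requests (its definition is outside the hunk), the IP rule needs to exclude them, e.g. `req.throttleable_remote_ip if req.path.start_with?('/media_proxy') && !req.authenticated_user_id`. That exemption moves authenticated traffic onto a looser limit for an endpoint that, going by the commit description, re-fetches expired remote media, so it is worth confirming that `authenticated_user_id` is only set from a validated session or token and not from the mere presence of a credential. The `Rack::Attack` class body continues outside the hunk.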