mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-27 03:06:04 +02:00
Code Issues

Rate limit our securit tracker 

Some people love to do 48 req/s to our tracker which causes ~100% cpu.
For now we allow 5req/sec with a burst of 10 requests.
This commit is contained in:
Jelle van der Waa 2021-09-01 22:13:11 +02:00
parent 1d6ce92890
commit f078db3241
No known key found for this signature in database
GPG Key ID: C06086337C50773E
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/security_tracker/templates/nginx.d.conf.j2
View File

@ -1,3 +1,8 @@
# limit general requests to 5 r/s to block DoS attempts with a burst of 10.
limit_req_zone $binary_remote_addr zone=archseclimit:10m rate=5r/s;
limit_req_status 429;
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
@ -46,5 +51,7 @@ server {
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_main;
include uwsgi_params;
uwsgi_pass security-tracker;
limit_req zone=archseclimit burst=10 nodelay;
}
}