On 4/14/20 6:25 PM, Jason Sherman wrote: > Hi there, > > I was wondering if you were planning on exposing some kind of rate-limiting > option for the web proxies in horizon? I'm thinking this will effectively mean > no more rate-limiting per remote address at the instance level. Every once in > a > while, our project gets hammered by script kiddies and our application service > gets brought down. I've gone ahead and implemented rate limiting in nginx that > has a very high limit set across all ip addresses that should basically work, > but typically I would set the limits to be per-client-ip to the extent allowed > by the practicalities of NAT. This is not a blocker in any way for us, and I'd > rather make do with less user info wherever possible. >
Hi there! What you did seems correct to me, that is, implementing the controls on your own servers. That being said, I understand your concern. We have mechanisms in place for banning concrete abusers. If we detected a more wide-spread problems we could introduce other mechanisms and controls to ensure service availability. Should you detect someone is hammering your servers in CloudVPS, please contact us. regards. -- Arturo Borrero Gonzalez SRE / Wikimedia Cloud Services Wikimedia Foundation _______________________________________________ Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly lab...@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
