about summary refs log tree commit diff
path: root/config/initializers/rack_attack.rb
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-12-11 15:32:29 +0100
committerGitHub <noreply@github.com>2017-12-11 15:32:29 +0100
commitfeed07227ba9feb8def161dc127033016c749ac5 (patch)
tree1cc057a237e2987b4b54cca6dde954ee0df737de /config/initializers/rack_attack.rb
parente56323a4dd3048fa6f46590052bcba75d82b3317 (diff)
Apply a 25x rate limit by IP even to authenticated requests (#5948)
Diffstat (limited to 'config/initializers/rack_attack.rb')
-rw-r--r--config/initializers/rack_attack.rb4


1 files changed, 2 insertions, 2 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 41db76929..b38fb302b 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -49,8 +49,8 @@ class Rack::Attack
     req.api_request? && req.authenticated_user_id
   end
 
-  throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
-    req.ip if req.api_request? && req.unauthenticated?
+  throttle('throttle_unauthenticated_api', limit: 7_500, period: 5.minutes) do |req|
+    req.ip if req.api_request?
   end
 
   throttle('protected_paths', limit: 5, period: 5.minutes) do |req|

 

generated by cgit-pink  (git 2.37.1) at 2024-06-02 05:55:51 +0000