From feed07227ba9feb8def161dc127033016c749ac5 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 11 Dec 2017 15:32:29 +0100 Subject: Apply a 25x rate limit by IP even to authenticated requests (#5948) --- config/initializers/rack_attack.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 41db76929..b38fb302b 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -49,8 +49,8 @@ class Rack::Attack req.api_request? && req.authenticated_user_id end - throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req| - req.ip if req.api_request? && req.unauthenticated? + throttle('throttle_unauthenticated_api', limit: 7_500, period: 5.minutes) do |req| + req.ip if req.api_request? end throttle('protected_paths', limit: 5, period: 5.minutes) do |req| -- cgit