Revert "Update throttling policy following prod testing"

2877ea1 Although this is effective at decreasing bad actors, it's also blocking good ones. The server-level blocks have improved so we can dial back the app-level ones.
berkmancenter · Apr 11, 2019 · 7851df8 · 7851df8
1 parent 2877ea1
commit 7851df8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
@@ -45,12 +45,12 @@ class Rack::Attack
     req.ip if req.env['HTTP_ACCEPT'] == 'application/json' || req.env['CONTENT_TYPE'] == 'application/json' || req.path.include?('json')
   end
 
-  throttle('request limit', limit: 6, period: 1.minute) do |req|
+  throttle('request limit', limit: 10, period: 1.minute) do |req|
     Rails.logger.debug "[rack-attack] request limit ip: #{req.ip}, content_type: #{req.content_type}"
     req.ip
   end
 
-  throttle('request limit', limit: 15, period: 10.minutes) do |req|
+  throttle('request limit', limit: 30, period: 1.hour) do |req|
     Rails.logger.debug "[rack-attack] request limit ip: #{req.ip}, content_type: #{req.content_type}"
     req.ip
   end