FEATURE: Add global rate limit for anon searches (#10208)
xfalcox committed Jul 9, 2020
1 parent 79b52b1 commit e866e3d
Showing 3 changed files with 7 additions and 3 deletions.
3 changes: 2 additions & 1 deletion app/controllers/search_controller.rb
Expand Up @@ -159,7 +159,8 @@ def rate_limit_search
if current_user.present?
RateLimiter.new(current_user, "search-min", SiteSetting.rate_limit_search_user, 1.minute).performed!
else
RateLimiter.new(nil, "search-min-#{request.remote_ip}", SiteSetting.rate_limit_search_anon, 1.minute).performed!
RateLimiter.new(nil, "search-min-#{request.remote_ip}", SiteSetting.rate_limit_search_anon_user, 1.minute).performed!
RateLimiter.new(nil, "search-min-anon-global", SiteSetting.rate_limit_search_anon_global, 1.minute).performed!
end
rescue RateLimiter::LimitExceeded => e
return e
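Review bot: The new "search-min-anon-global" limiter in the else branch uses a nil user and a fixed key, so every anonymous request shares one bucket, and once it is exhausted all anonymous visitors are rejected until the one-minute window rolls over, including clients that are well under their own per-IP limit. The rescue below returns the same RateLimiter::LimitExceeded for both cases, so neither the client nor an operator can tell which limit tripped; consider logging when the global bucket is the one that raised, so a site-wide anonymous search lockout is visible. Also note the ordering: the per-IP limiter's performed! runs first, so a request rejected by the global limit has already been counted against that IP.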
5 changes: 4 additions & 1 deletion config/site_settings.yml
Expand Up @@ -1548,7 +1548,10 @@ rate_limits:
rate_limit_create_post: 5
rate_limit_new_user_create_topic: 120
rate_limit_new_user_create_post: 30
rate_limit_search_anon:
rate_limit_search_anon_global:
hidden: true
default: 150
rate_limit_search_anon_user:
hidden: true
default: 15
rate_limit_search_user:
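Review bot: Renaming rate_limit_search_anon to rate_limit_search_anon_user drops the old key, and none of the three changed files is a migration, so a site that had overridden the old hidden setting would fall back to the default of 15 after upgrading. Either migrate the stored value to the new name or keep the old key. Both new settings are hidden: true and carry no description here, so it would also help to document how the global default of 150 relates to the per-IP default of 15 (ten clients at their individual limit fill the global bucket).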
2 changes: 1 addition & 1 deletion spec/requests/search_controller_spec.rb
Expand Up @@ -183,7 +183,7 @@
context 'rate limited' do
before do
SiteSetting.rate_limit_search_user = 3
SiteSetting.rate_limit_search_anon = 2
SiteSetting.rate_limit_search_anon_user = 2
end

it 'rate limits searches' do
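Review bot: The before block only follows the rename to rate_limit_search_anon_user; rate_limit_search_anon_global is never set or exercised, so the behaviour this commit adds has no coverage. Add a case that sets rate_limit_search_anon_global below the per-IP limit and asserts that anonymous requests from different remote IPs are rejected once the global count is reached, while a signed-in user's searches are unaffected.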

2 comments on commit e866e3d

@discoursereviewbot

SamSaffron posted:

Thanks @falco, let's add a test for this new setting

@discoursereviewbot