From e581c85fc0a354fb7e22a083873a96a1346bbe8c Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Sun, 2 Jun 2024 13:00:33 +0200
Subject: [PATCH] archweb: limit to 10 requests / second

In reality the uwsgi endpoint gets hit with only 1 request on a normal
page load so 20 requests is way to lenient.
---
 roles/archweb/templates/nginx.d.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/archweb/templates/nginx.d.conf.j2 b/roles/archweb/templates/nginx.d.conf.j2
index d23c418e2..76bd944cd 100644
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -1,8 +1,8 @@
 # limit rss requests to 1 r/m
 limit_req_zone $binary_remote_addr zone=rsslimit:8m rate=1r/m;
 
-# limit general requests to 20 r/s to block DoS attempts.
-limit_req_zone $binary_remote_addr zone=archweblimit:10m rate=20r/s;
+# limit general requests to 10 r/s to block DoS attempts.
+limit_req_zone $binary_remote_addr zone=archweblimit:10m rate=10r/s;
 
 limit_req_status 429;
 
-- 
GitLab