Skip to content
GitLab
Verified Commit f078db32 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

Rate limit our securit tracker 

Some people love to do 48 req/s to our tracker which causes ~100% cpu.
For now we allow 5req/sec with a burst of 10 requests.
parent 1d6ce928
Pipeline #11035 passed with stage
in 46 seconds
Hide whitespace changes
Inline Side-by-side
roles/security_tracker/templates/nginx.d.conf.j2
View file @ f078db32
# limit general requests to 5 r/s to block DoS attempts with a burst of 10.
limit_req_zone $binary_remote_addr zone=archseclimit:10m rate=5r/s;
limit_req_status 429;
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
......@@ -46,5 +51,7 @@ server {
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_main;
include uwsgi_params;
uwsgi_pass security-tracker;
limit_req zone=archseclimit burst=10 nodelay;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment