Enable cache Security Tracker
We got quite a few scans on the /all.json
path for security tracker from different IPs. This makes the server having high CPU load and eventually nginx struggling to server anything. We implemented rate limiting before but the issue persists.
The assumption is that the json is gzipped before send to the client and this cause high CPU load for each request. As a solution suggesting enable uwsgi cache on /all.json requests with a 5m lifetime.
Caveat: The backend currently doesn't support cache invalidation but it can come later. Worst case is that clients would get the vulnerabilities with a 5 mins delay max.