Rate limit mediawiki API endpoint
Our API endpoint was being abused by a malicious user which send about 20 req/s, as php-fpm uses a pool of workers this easily over burdens them and also gives the server a constant 100% CPU load.
Applying a rate limit succesfully negates this issue.
Merge request reports
Activity
- Resolved by Kristian Klausen
Actually, with
burst=10it does not matter much for my bot if the rate is 10 r/s or e.g. 5 r/s. It limits itself to making at most 10 requests per 3 seconds, so withburst=10it won't even get the 429, only the requests that were sent too soon will take up to 200 ms instead of 100 ms longer to serve. But that's not a considerable slowdown, the bot would sleep for up to 3 seconds after 10 requests anyway. So I think you can lower the rate even further if needed.Have you considered using the
delayparameter? Based on this post I think a config likerate=5r/s burst=10 delay=5would make sense. - Last reply by Kristian Klausen
added 12 commits
-
bc27af41...b2098fb9 - 11 commits from branch
master - ebfc413e - Rate limit mediawiki API endpoint
-
bc27af41...b2098fb9 - 11 commits from branch
mentioned in issue #328
added 5 commits
-
ebfc413e...53520a8a - 4 commits from branch
master - dbd68aa2 - Rate limit mediawiki API endpoint
-
ebfc413e...53520a8a - 4 commits from branch
mentioned in commit aa37e4aa
