@jjnesbitt jjnesbitt (Member) commented Dec 8, 2025

Partially addresses #1902

This PR adds basic rate limiting via DRF throttling. This is a very permissive version of rate limiting, imposing a rate limit only for anonymous users. This limit is also purposefully set above any number I could obtain through local usage of the GUI. The point of this first step of implementation is not to be a full solution, but to protect against the most extreme of use cases, with no impact on existing legitimate users, anonymous or otherwise.

This is very similar in implementation to a previous attempt we had made to introduce rate limiting, although that was sort of made in response to a crisis. The current circumstances and implementation are slightly different, in the following ways:

  1. The crux of the issue in the previous implementation was that the asset list endpoint was very slow, which meant that a trivial number of requests to it could cause a DoS. Rate limiting cannot prevent this effectively. The asset list endpoint has been fixed, so this limitation no longer exists.
  2. The previous implementation only applied to the asset list endpoint, while this implementation applies to all API requests.
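
The anonymous-only throttling the PR describes, as an added illustration that is not the PR's code and not DRF's source: a `REST_FRAMEWORK` settings entry of the shape DRF expects for `AnonRateThrottle`, plus a self-contained re-implementation of the sliding-window check so the behaviour can be run without Django. The rate `1000/min`, the in-memory history, the request dicts and the sample traffic are all constructed for the example; the page does not state the limit the PR actually chose.

```python
# Added illustration (not the PR's code, not DRF's source): DRF-style
# anonymous-only throttling, reduced to a self-contained sliding-window check.
# The rate "1000/min" and the settings dict are assumed values; the real
# limit set in the PR is not given on the page.
import time
from collections import defaultdict, deque

# What a settings.py entry for anonymous-only throttling looks like in DRF.
# AnonRateThrottle never throttles authenticated users, so only the "anon"
# scope needs a rate.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": ["rest_framework.throttling.AnonRateThrottle"],
    "DEFAULT_THROTTLE_RATES": {"anon": "1000/min"},  # assumed value
}

PERIOD_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Parse 'N/period' (the format DRF accepts) into (N, window_seconds)."""
    num, period = rate.split("/")
    return int(num), PERIOD_SECONDS[period[0]]


class AnonOnlyThrottle:
    """Sliding-window throttle keyed by client IP, applied to anonymous requests only.

    Mirrors what DRF's AnonRateThrottle gives you: authenticated requests pass
    untouched; anonymous requests from one IP share a window of `num_requests`
    hits per `duration` seconds. History lives in a dict here; DRF keeps it in
    its cache backend.
    """

    def __init__(self, rate, clock=time.monotonic):
        self.num_requests, self.duration = parse_rate(rate)
        self.clock = clock
        self.history = defaultdict(deque)  # ip -> timestamps, oldest first

    def allow_request(self, request, now=None):
        # Authenticated user: this throttle does not apply at all.
        if request.get("user_id") is not None:
            return True
        now = self.clock() if now is None else now
        window = self.history[request["remote_addr"]]
        # Drop timestamps that have fallen out of the window.
        while window and window[0] <= now - self.duration:
            window.popleft()
        if len(window) >= self.num_requests:
            return False  # limit reached: DRF would answer 429 here
        window.append(now)
        return True


def simulate(rate, requests):
    """Run constructed requests through the throttle using each request's own
    timestamp `t`; returns one allow/deny flag per request."""
    throttle = AnonOnlyThrottle(rate)
    return [throttle.allow_request(r, now=r["t"]) for r in requests]


# Constructed sample traffic; rate "3/min" keeps the demo short.
SAMPLE = [
    {"remote_addr": "203.0.113.7", "t": 0.0},
    {"remote_addr": "203.0.113.7", "t": 1.0},
    {"remote_addr": "203.0.113.7", "t": 2.0},
    {"remote_addr": "203.0.113.7", "t": 3.0},                # 4th in 60s: denied
    {"remote_addr": "203.0.113.7", "t": 3.5, "user_id": 42},  # authenticated: allowed
    {"remote_addr": "198.51.100.9", "t": 4.0},               # other IP, own window: allowed
    {"remote_addr": "203.0.113.7", "t": 61.0},               # oldest hits expired: allowed
]

if __name__ == "__main__":
    print(simulate("3/min", SAMPLE))
```

The per-IP key is only as meaningful as the remote address the application sees: behind a reverse proxy DRF reads the client address according to its `NUM_PROXIES` setting, so that has to match the deployment or every anonymous user shares the proxy's single window.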

@jjnesbitt jjnesbitt requested a review from waxlamp December 8, 2025 21:30
@jjnesbitt jjnesbitt force-pushed the rest-framework-throttling branch from d9fb51b to 9707d6e December 8, 2025 21:32
@jjnesbitt jjnesbitt force-pushed the rest-framework-throttling branch from 9707d6e to f50df77 December 8, 2025 21:34