-
-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate Limit API calls #5122
Comments
@dakotabenjamin if it is possible to share current API usage based on the Tasking Manager usage on large mapathons? |
Findings after exploration this week: Side effects
Library to use: Rate Limit strategy: To Discuss:
References: Open source flask applications with flask_limiter: |
@petya-kangalova if we know a date/time period to check we have monitoring for this @Aadesh-Baral agree on all points. Let's discuss at next meeting to start analysing endpoints for usage and computational "cost". Much of this can be determined through New Relic or internal database insights. |
Is your feature request related to a problem? Please describe.
There is currently nothing stopping someone from performing a DOS attack unintentionally by writing a script that GETs big projects (MBs of data, in some cases) in a loop and overloads the database connections. We would not know which user (even if they are using an authentication token!) is performing the requests, or have a way to stop it. This is a risk for reliability of the website.
Describe the solution you'd like
We would need to implement a rate limiting feature at least for the weightier requests. In addition we could also begin to attach user id info to requests as well in the logging system.
Describe alternatives you've considered
I am wondering if a package like https://flask-limiter.readthedocs.io/en/stable/ would work
The text was updated successfully, but these errors were encountered: