Apply a 25x rate limit by IP even to authenticated requests (#5948)

2017-12-11 15:32:29 +01:00 · 2017-12-11 15:32:29 +01:00 · feed07227b
commit feed07227b
parent e56323a4dd
2 changed files with 4 additions and 4 deletions
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@ -49,8 +49,8 @@ class Rack::Attack
    req.api_request? && req.authenticated_user_id
  end

-  throttle('throttle_unauthenticated_api', limit: 300, period: 5.minutes) do |req|
-    req.ip if req.api_request? && req.unauthenticated?
+  throttle('throttle_unauthenticated_api', limit: 7_500, period: 5.minutes) do |req|
+    req.ip if req.api_request?
  end

  throttle('protected_paths', limit: 5, period: 5.minutes) do |req|