After opening the emoji selector in the post editor, discourse throws users out once they load a page again (like after submitting a post).
429 Too Many Requests
Your IP address has made too many requests to this service over a short amount of time. Please wait a few minutes and try again.
If you are behind a proxy or coming from a large company, you and many other users may appear to be the same person. Please let us know of recurring problems by email: team@discourse.org
It seems it was not the user trying to DDOS discourse, but discourse itself. If there is a way, maybe distinct requests to resources (like emojis) should not be considered? Or all emojis should be combined into a sprite?
We have done a lot here to improve the situation, better rules at our CDN, looser limits for emojis.
The fundamental one of having all our hosting use one location for all emojis is not done yet and I can not see us scheduling it any time in the near future cause of the enormity of such a change.