Discourse ships with 3 different global rate limits that can be configured by site admins.
Global per-ip rate limits
These limits apply to every unique IP address that hits the Discourse application. (files that are served directly from the filesystem or the CDN are excluded)
By default this rate limit is enabled, you may disable it or set it to a reporting mode.
DISCOURSE_MAX_REQS_PER_IP_MODE : default none, this rate limit does not apply out of the box yet. (other options are
DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: number of requests per IP per minute (default is 200)
DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: number of requests per IP per 10 seconds (default is 50)
DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: number of asset (avatars/css) requests per IP per 10 seconds (default is 200)
DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: should the rate limit apply to private IPs accessing Discourse? default is false.
User API rate limits
The mobile applications acquire a user API key per device to access Discourse on behalf of a user (using an open protocol). These API keys are very tightly limited.
DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: default 20
DISCOURSE_MAX_USER_API_REQS_PER_DAY: default 2880
Admin API rate limits
The administrative API keys can be generated via the
yoursite.com/admin/api/keys page. These keys can operate on behalf of users, but require administrative privileges to generate. They are limited, but not as strictly as the user API keys.
DISCOURSE_MAX_ADMIN_API_REQS_PER_KEY_PER_MINUTE : 60
Versions of Discourse prior to 1.9 did not include this limiting.
What should I do if I hit a rate limit and get throttled?
If you are consuming the API programmatically and receive back a
429 status code throttle reply you should respect it and slow down.
As an end user you should not really experience rate limits if you do, slow down. You could trigger it by opening 50 tabs real quick or doing something like that.
How do I amend these limits?
To amend the limits add the desired change into your
app.yml file in the
If you are hosted by Discourse contact firstname.lastname@example.org
Firewall and proxy warning!
If you are running a reverse proxy which is mis-configured Discourse may think all the requests are coming from a single IP address, it is very likely you will hit rate limits early. Be sure to configure your reverse proxy to forward the IP correctly.