Available settings for global rate limits and throttling

Discourse ships with 3 different global rate limits that can be configured by site admins.

Global per-ip rate limits

These limits apply to every unique IP address that hits the Discourse application. (Files that are served directly from the filesystem or the CDN are excluded.)

By default this rate limit is enabled; you may disable it or set it to a reporting mode.

DISCOURSE_MAX_REQS_PER_IP_MODE: default block; this rate limit applies out of the box (other options are warn, warn+block, and none)

DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE: number of requests per IP per minute (default is 200)

DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: number of requests per IP per 10 seconds (default is 50)

DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: number of asset (avatars/css) requests per IP per 10 seconds (default is 200)

DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: should the rate limit apply to private IPs accessing Discourse? default is false.

DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL: use per user rate limits vs IP rate limits for users with this trust level or more (default 1)

User API rate limits

The mobile applications acquire a user API key per device to access Discourse on behalf of a user (using an open protocol). These API keys are very tightly limited.

DISCOURSE_MAX_USER_API_REQS_PER_MINUTE: default 20
DISCOURSE_MAX_USER_API_REQS_PER_DAY: default 2880

Admin API rate limits

The administrative API keys can be generated via the yoursite.com/admin/api/keys page. These keys can operate on behalf of users, but require administrative privileges to generate. There is a limit of 60 requests per minute, shared between all keys.

Self-hosted users can change this in their app.yml file. Hosted customers will need to contact their hosting provider.

DISCOURSE_MAX_ADMIN_API_REQS_PER_MINUTE: 60

Data Explorer Plugin API rate limits

DISCOURSE_MAX_DATA_EXPLORER_API_REQ_MODE: default warn; this rate limit applies out of the box (other options are block, warn+block, and none)

DISCOURSE_MAX_DATA_EXPLORER_API_REQS_PER_10_SECONDS: 2

Note: The requests made via the Data Explorer UI do not count towards the rate limit.

What should I do if I hit a rate limit and get throttled?

If you are consuming the API programmatically and receive a 429 status code (a throttle reply), you should respect it and slow down.

As an end user you should not really experience rate limits; if you do, slow down. You could trigger it by opening 50 tabs real quick or doing something like that.

Firewall and proxy warning!

If you are running a reverse proxy which is misconfigured, Discourse may think all the requests are coming from a single IP address, and it is very likely you will hit rate limits early. Be sure to configure your reverse proxy to forward the IP correctly.

How do I amend these limits?

To amend the limits, add the desired change to the env section of your app.yml file.

If you are hosted by Discourse, and on an Enterprise plan, contact team@discourse.org if you need to adjust any of these limits.

Global Rate Limits are not adjustable on starter, pro, or business plans.

60 Likes

It seems to me that if you have web.ratelimited.template.yml installed, then these don't matter, since things are limited by NGINX before they reach Discourse, right?

That is what my nginx logs seem to show.

My short-term solution is to add my IP address to the list of local IPs, so that it gets past NGINX. I suppose the thing to do is to remove the ratelimited template so that these settings mean something?

2 Likes

Regarding the following text:

Firewall and proxy warning!

If you are running a reverse proxy which is misconfigured, Discourse may think all the requests are coming from a single IP address, and it is very likely you will hit rate limits early. Be sure to configure your reverse proxy to forward the IP correctly.

In our setup, we tunnel all API calls through a proxy. This proxy handles authentication and many other things before sometimes querying Discourse.

What is the recommended method (a specific header?) for passing on the original requester's IP address?

Related

1 Like
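The effect the proxy warning describes, as an added example that is not part of the original posts and not Discourse's own code: a toy sliding-window limiter using the documented defaults (50 requests per 10 seconds, 200 per minute, private IPs exempt). The windowing algorithm, the list of private ranges and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

LIMITS = {10: 50, 60: 200}   # window in seconds -> max requests per IP (documented defaults)
# Assumption: "private" means loopback and RFC 1918 ranges; the page does not list them.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PerIpLimiter:
    """Toy sliding-window limiter: an illustrative model, not Discourse's algorithm."""

    def __init__(self, mode="block", limit_on_private=False):
        self.mode = mode                          # block | warn | warn+block | none
        self.limit_on_private = limit_on_private  # DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE
        self.hits = defaultdict(deque)            # seen IP -> timestamps of counted requests

    def check(self, ip, now):
        """Return 'ok', 'warn' or 'block' for a request seen from ip at time now."""
        addr = ipaddress.ip_address(ip)
        if self.mode == "none":
            return "ok"
        if not self.limit_on_private and any(addr in net for net in PRIVATE_NETS):
            return "ok"
        q = self.hits[ip]
        while q and now - q[0] >= max(LIMITS):    # forget hits older than the longest window
            q.popleft()
        over = any(sum(now - t < w for t in q) >= n for w, n in LIMITS.items())
        if over and "block" in self.mode:
            return "block"                        # rejected requests are not counted here
        q.append(now)
        return "warn" if over else "ok"

def simulate(seen_ips, **settings):
    """Send one request per entry, spread evenly over 10 seconds; tally the outcomes."""
    limiter, tally = PerIpLimiter(**settings), defaultdict(int)
    for i, ip in enumerate(seen_ips):
        tally[limiter.check(ip, now=i * 10 / len(seen_ips))] += 1
    return dict(tally)

# Constructed traffic: 80 visitors, one request each (documentation-range addresses).
VISITORS = [f"203.0.113.{i}" for i in range(1, 81)]
forwarded = simulate(VISITORS)                   # proxy forwards each client IP
collapsed = simulate(["198.51.100.7"] * 80)      # every request shows the proxy's IP
behind_private = simulate(["10.0.0.5"] * 80)     # proxy's IP is private: exempt by default

if __name__ == "__main__":
    print(forwarded, collapsed, behind_private)
```

In this model the same 80 requests pass untouched when each client IP is forwarded, lose 30 to the 10-second limit when they all appear to come from one public address, and skip the limiter entirely when the address Discourse sees is a private one.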

Could someone help me understand this configuration setting, please?

Am I right in thinking that this setting is already set to 1 and that the rate limits are by default already applied per user rather than per IP address (if the user is TL1 or above)?

1 Like

It did not actually exist for me to specify one or more of these settings.

My script always respected the Retry-After header, as we can see from the original line 101:

retry_after = r.headers.get("Retry-After")

However, this header was becoming needlessly large because I schedule different service units so that this same script runs at different times of the day.

As a result, multiples of some of these default settings improved email deliverability via mail-receiver, which remains important.
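One way to respect a 429 and its Retry-After header, as the first post asks of API consumers and the reply above describes (an added example, not the poster's script and not Discourse code). The `send` callable, the `replay` stand-in server and the `max_wait` budget are hypothetical names; the canned responses are constructed.

```python
import email.utils
import time

class RateLimited(Exception):
    """The server kept answering 429, or asked for a longer wait than allowed."""

def parse_retry_after(value, now=None):
    """Seconds to wait for a Retry-After value: delta-seconds or an HTTP-date."""
    if value is None:
        return None
    value = value.strip()
    if value.isascii() and value.isdigit():
        return float(value)
    try:
        when = email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None                               # unparseable: caller falls back
    now = time.time() if now is None else now
    return max(0.0, when.timestamp() - now)

def call_with_backoff(send, max_attempts=5, max_wait=120.0, sleep=time.sleep):
    """Call send() until it stops returning 429.

    send is a hypothetical callable returning (status, headers, body); wrap
    whatever HTTP client you use. Returns (status, body) of the first non-429.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        wait = parse_retry_after(headers.get("Retry-After"))
        if wait is None:
            wait = min(max_wait, 2.0 ** attempt)  # no usable header: exponential backoff
        if wait > max_wait:
            # Several jobs sharing one limit can push the wait very high; give up
            # so the scheduler can run this job again later instead of sleeping.
            raise RateLimited(f"asked to wait {wait:.0f}s, budget is {max_wait:.0f}s")
        sleep(wait)
    raise RateLimited(f"still throttled after {max_attempts} attempts")

def replay(responses):
    """Constructed stand-in for a server: returns the given responses in order."""
    it = iter(responses)
    return lambda: next(it)

if __name__ == "__main__":
    naps = []
    canned = [(429, {"Retry-After": "3"}, ""), (429, {}, ""), (200, {}, "ok")]
    print(call_with_backoff(replay(canned), sleep=naps.append), naps)
```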