IP已列入白名单，但出现限速错误

sithmein · 2022 年7 月 22 日 13:39

We are using Discourse in a Docker container. We have rate limits set up with a whitelisted IP. However, we are still getting rate limit errors when making requests from that IP. I’m pretty sure the nginx configuration is correct, here is how it looks:

geo $limit {
    default 1;
    1.1.1.1 0; # not the real IP
}

map $limit $limit_key {
    0 "";
    1 $binary_remote_addr;
}

limit_req_zone $limit_key zone=flood:10m rate=12r/s;
limit_req_zone $limit_key zone=bot:10m rate=200r/m;
limit_req_status 429;
limit_conn_zone $limit_key zone=connperip:10m;
limit_conn_status 429;

...
  location @discourse {
    limit_conn connperip 20;
    limit_req zone=flood burst=12 nodelay;
    limit_req zone=bot burst=100 nodelay;
   ...
  }

nginx is configured to log an error in case a rate limit has been reached and we are indeed seeing some log message - but none from the whitelisted IP. Still we are getting tons of 429 when making requests from the whitelisted IP. The request URLs are user profiles (e.g. /users/foo.json). Is there some kind of rate limit in Discourse itself?

MrBuBBLs · 2022 年9 月 12 日 09:28

Hi there, Nginx is indeed managing rate limiting as you stated but Discourse also has it’s own way to manage rate limiting at application level. Sam has an interesting piece on this :

The only thing I’m wondering is if we can indeed rate limit with exceptions (i.e. whitelist IPs through those rules). I’m still searching for a way to do this…

MrBuBBLs · 2022 年9 月 12 日 09:35

Okay I think I’m onto something :

github.com

discourse/discourse/blob/main/lib/middleware/request_tracker.rb#L14


      
          require 'middleware/anonymous_cache'
          
          
class Middleware::RequestTracker
            @@detailed_request_loggers = nil
            @@ip_skipper = nil
          
          
  # You can add exceptions to our app rate limiter in the app.yml ENV section.
            # example:
            #
            # env:
            #   DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS: >-
            #     14.15.16.32/27
            #     216.148.1.2
            #
            STATIC_IP_SKIPPER = ENV['DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS']&.split&.map { |ip| IPAddr.new(ip) }
          
          
  # register callbacks for detailed request loggers called on every request
            # example:
            #
            # Middleware::RequestTracker.detailed_request_logger(->|env, data| do
            #   # do stuff with env and data

Maybe DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS might be just what we needed

Alex_Bourge · 2022 年11 月 10 日 22:56

I, too, am hitting a rate limit of 60 calls to the API per minute which I cannot seem to alleviate. I’ve set all of these:

      - DISCOURSE_MAX_REQS_PER_IP_MODE=none
      - DISCOURSE_MAX_USER_API_REQS_PER_MINUTE=20000
      - DISCOURSE_MAX_USER_API_REQS_PER_DAY=30000
      - DISCOURSE_MAX_ADMIN_API_REQS_PER_MINUTE=20000
      - DISCOURSE_MAX_REQS_PER_IP_PER_MINUTE=20000
      - DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS=2000
      - DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS=2000
      - DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL=0
      - DISCOURSE_MAX_ADMIN_API_REQS_PER_KEY_PER_MINUTE=20000
      - DISCOURSE_MESSAGE_BUS_MAX_BACKLOG_SIZE=1000
      - DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS=....

I know it’s not nginx because I’m getting the " You’ve performed this action too many times" message, which means the Discourse RateLimiter is handling it.

Did you find a solution?

话题		回复	浏览量
Remove the ip limits Support	5	1403	2021 年4 月 7 日
Whitelist Single IP for Rate Limiting Support	1	376	2024 年9 月 13 日
Available settings for global rate limits and throttling Self-Hosting reference	3	22368	2025 年1 月 24 日
Troubleshooting a 429 (rate limit) Installation	20	5733	2018 年11 月 9 日
How to avoid throttling limits with admin API key? Dev rest-api	11	1604	2024 年3 月 12 日

IP已列入白名单，但出现限速错误

相关话题