mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
b4bfc27b19
We have tested rate limiting with admin accounts with block rate limiting for close to 12 months now on meta.discourse.org. This has resulted in no degradation of services even to admin accounts that request a lot of info from the site. The default of 200 requests a minute and 50 per 10 seconds is very generous. It simply protects against very aggressive clients. This setting can be disabled or tweaked using: DISCOURSE_MAX_REQS_PER_IP_MODE and family. The only big downside here is in cases when a very large number of users tend to all come from a single IP. This can be the case on sites accessing Discourse from an internal network all sharing the same IP via NAT. Or a misconfigured Discourse that is unable to resolve IP addresses of users due to proxy mis-configuration.