From f9545f702079587cde0a6cd24558fee3baf49433 Mon Sep 17 00:00:00 2001
From: Gagan Trivedi
Date: Mon, 5 Feb 2024 15:49:54 +0530
Subject: [PATCH] feat(rate-limit): enable rate limit in production (#3362)

Co-authored-by: Ben Rometsch
---
 docs/docs/system-administration/system-limits.md | 6 ++++++
 .../aws/production/ecs-task-definition-web.json | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/docs/docs/system-administration/system-limits.md b/docs/docs/system-administration/system-limits.md
index 22c4ea277da6..5eab5a684d70 100644
--- a/docs/docs/system-administration/system-limits.md
+++ b/docs/docs/system-administration/system-limits.md
@@ -31,3 +31,9 @@ In order to ensure consistent performance, Flagsmith has the following limitatio
 ### Segment Data Elements
 
 - Maximum size of a Segment Rule Value is **1,000 bytes**
+
+### Rate Limit
+
+Requests made to admin endpoints (i.e., non-SDK endpoints) are subject to a default rate limit of 500 per minute. If you
+are self-hosting, you have the flexibility to modify this limit by adjusting the value of the environment variable
+`USER_THROTTLE_RATE`.
diff --git a/infrastructure/aws/production/ecs-task-definition-web.json b/infrastructure/aws/production/ecs-task-definition-web.json
index 9bddfe41bda4..df8ad1c23eff 100644
--- a/infrastructure/aws/production/ecs-task-definition-web.json
+++ b/infrastructure/aws/production/ecs-task-definition-web.json
@@ -178,6 +178,22 @@
 {
 "name": "PIPEDRIVE_IGNORE_DOMAINS",
 "value": "flagsmith.com,solidstategroup.com,restmail.net,bullettrain.io,flagsmithe2etestdomain.io"
+ },
+ {
+ "name": "DEFAULT_THROTTLE_CLASSES",
+ "value": "core.throttling.UserRateThrottle"
+ },
+ {
+ "name": "DJANGO_REDIS_CONNECTION_FACTORY",
+ "value": "core.redis_cluster.ClusterConnectionFactory"
+ },
+ {
+ "name": "USER_THROTTLE_CACHE_BACKEND",
+ "value": "django_redis.cache.RedisCache"
+ },
+ {
+ "name": "USER_THROTTLE_CACHE_LOCATION",
+ "value": "rediss://serverless-redis-cache-c4q8sw.serverless.euw2.cache.amazonaws.com:6379"
 }
 ],
 "secrets": [
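Review bot: The added block turns on `core.throttling.UserRateThrottle` but never sets `USER_THROTTLE_RATE`, so production runs on the code default (500 per minute, according to the docs change in this same commit); adding `{ "name": "USER_THROTTLE_RATE", "value": "<RATE_PLACEHOLDER>" }` next to `DEFAULT_THROTTLE_CLASSES` would make the enforced limit visible and reviewable in the task definition. `USER_THROTTLE_CACHE_LOCATION` also commits the production cache hostname as a plain name/value entry. The URL carries no credential, but sourcing it through the `secrets` array that follows (its entries lie outside this hunk) would keep the endpoint out of the repository and make sure an auth token added later is never pasted into this value. Every throttled admin request now depends on that Redis cluster, so it is worth confirming and documenting whether the throttle fails open or fails closed when the cache is unreachable, which this diff does not show.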