SPDT
/
sapl
mirror of https://github.com/interlegis/sapl.git
5
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Raise API rate limit threshold and relax quotas 

- API_RATE_LIMIT_THRESHOLD: 35 → 120 req/min
- API_RATE_LIMIT_BLOCK_SECONDS: 300 → 60 s
- API_QUOTA_DAILY: 1 000 → 100 000
- API_QUOTA_WEEKLY: 7 000 → 700 000 (7× daily)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rate-limiter-2026
Edward Ribeiro 2 weeks ago
parent
cf5606e7d7
commit
079dd47df2
1 changed files with 4 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      sapl/settings.py

8
sapl/settings.py
View File

@ -439,15 +439,15 @@ RATE_LIMIT_BYPASS_PATHS = [
# API quota — daily and weekly call caps for all /api/ callers (anon and auth). # API quota — daily and weekly call caps for all /api/ callers (anon and auth).
# All callers are keyed by IP — auth status is not checked. # All callers are keyed by IP — auth status is not checked.
# Weekly default is 7× the daily cap. # Weekly default is 7× the daily cap.
API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=1000, cast=int) API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=100000, cast=int)
API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=7000, cast=int) API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=700000, cast=int)
# API-specific per-minute rate limit for external (non-same-origin) anonymous calls. # API-specific per-minute rate limit for external (non-same-origin) anonymous calls.
# Abuse writes rl:api:ip:<ip>:blocked only — never rl:ip:<ip>:blocked. # Abuse writes rl:api:ip:<ip>:blocked only — never rl:ip:<ip>:blocked.
API_RATE_LIMIT_ENABLED = config('API_RATE_LIMIT_ENABLED', default=True, cast=bool) API_RATE_LIMIT_ENABLED = config('API_RATE_LIMIT_ENABLED', default=True, cast=bool)
API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=35, cast=int) API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=120, cast=int)
API_RATE_LIMIT_WINDOW_SECONDS = config('API_RATE_LIMIT_WINDOW_SECONDS', default=60, cast=int) API_RATE_LIMIT_WINDOW_SECONDS = config('API_RATE_LIMIT_WINDOW_SECONDS', default=60, cast=int)
API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=300, cast=int) API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=60, cast=int)
API_RATE_LIMIT_SAME_ORIGIN_BYPASS = config('API_RATE_LIMIT_SAME_ORIGIN_BYPASS', default=True, cast=bool) API_RATE_LIMIT_SAME_ORIGIN_BYPASS = config('API_RATE_LIMIT_SAME_ORIGIN_BYPASS', default=True, cast=bool)
# Media file serving — serve_media (sapl/base/media.py) via X-Accel-Redirect. # Media file serving — serve_media (sapl/base/media.py) via X-Accel-Redirect.

Write Preview
Loading…
Cancel
Save