Raise API rate limit threshold and relax quotas

- API_RATE_LIMIT_THRESHOLD: 35 → 120 req/min - API_RATE_LIMIT_BLOCK_SECONDS: 300 → 60 s - API_QUOTA_DAILY: 1 000 → 100 000 - API_QUOTA_WEEKLY: 7 000 → 700 000 (7× daily) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2 weeks ago · 079dd47df2
1 changed files with 4 additions and 4 deletions
--- a/sapl/settings.py
+++ b/sapl/settings.py
@ -439,15 +439,15 @@ RATE_LIMIT_BYPASS_PATHS = [
 # API quota — daily and weekly call caps for all /api/ callers (anon and auth).
 # All callers are keyed by IP — auth status is not checked.
 # Weekly default is 7× the daily cap.
-API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=1000, cast=int)
-API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=7000, cast=int)
+API_QUOTA_DAILY = config('API_QUOTA_DAILY', default=100000, cast=int)
+API_QUOTA_WEEKLY = config('API_QUOTA_WEEKLY', default=700000, cast=int)

 # API-specific per-minute rate limit for external (non-same-origin) anonymous calls.
 # Abuse writes rl:api:ip:<ip>:blocked only — never rl:ip:<ip>:blocked.
 API_RATE_LIMIT_ENABLED = config('API_RATE_LIMIT_ENABLED', default=True, cast=bool)
-API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=35, cast=int)
+API_RATE_LIMIT_THRESHOLD = config('API_RATE_LIMIT_THRESHOLD', default=120, cast=int)
 API_RATE_LIMIT_WINDOW_SECONDS = config('API_RATE_LIMIT_WINDOW_SECONDS', default=60, cast=int)
-API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=300, cast=int)
+API_RATE_LIMIT_BLOCK_SECONDS = config('API_RATE_LIMIT_BLOCK_SECONDS', default=60, cast=int)
 API_RATE_LIMIT_SAME_ORIGIN_BYPASS = config('API_RATE_LIMIT_SAME_ORIGIN_BYPASS', default=True, cast=bool)

 # Media file serving — serve_media (sapl/base/media.py) via X-Accel-Redirect.