Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

charts/nginz: Configure rate limits for claiming MLS key packages and getting one2one conversations #3918

Merged
merged 3 commits into from
Mar 5, 2024
Merged

charts/nginz: Configure rate limits for claiming MLS key packages and getting one2one conversations #3918

merged 3 commits into from
Mar 5, 2024

Conversation

akshaymankar
Copy link
Member

https://wearezeta.atlassian.net/browse/WPB-6979

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Mar 4, 2024
@akshaymankar
charts/nginz: Rate limiting claiming MLS key-pacakges by requesting a…
a0e82a3 
…nd target user

When creating a conversation a client needs to get a lot of key packages, each
for a different user. If we merely just bump the limit for this endpoint, we
will allow for DoS by someone targetting a particular user. So here we rate
limit by ensuring that the target user is included in the rate limiting key.
@akshaymankar akshaymankar force-pushed the mls-rate-limits branch 3 times, most recently from 848712e to 3f33348 Compare March 5, 2024 12:11
@akshaymankar
charts/nginz: Allow 3000 reqs/m on /conversations/one2one/:user_domai…
4154bc6 
…n/:user

During migration from proteus to MLS, this endpoint gets called for every
connection. Slowing it down just causes login to take very long.
@akshaymankar
changelog
44d30d7
@smatting smatting merged commit 0e275c0 into q1-2024 Mar 5, 2024
4 of 7 checks passed
@smatting smatting deleted the mls-rate-limits branch March 5, 2024 12:26
@akshaymankar akshaymankar mentioned this pull request Mar 5, 2024
Merged
2 tasks
mdimjasevic pushed a commit that referenced this pull request Apr 24, 2024
@akshaymankar @mdimjasevic
charts/nginz: Configure rate limits for claiming MLS key packages and…
5bb0321 
… getting one2one conversations (#3918)
@mdimjasevic mdimjasevic mentioned this pull request Apr 24, 2024
Merged
2 tasks
@zebot zebot mentioned this pull request Apr 25, 2024
Merged
@smatting smatting mentioned this pull request May 28, 2024
Closed
@echoes-hq echoes-hq bot added the echoes: unplanned Any work item that isn’t part of the product or technical roadmap. label Jul 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smatting smatting smatting left review comments

@mastaab mastaab mastaab approved these changes

@elland elland elland approved these changes

Assignees
No one assigned
Labels
echoes: unplanned Any work item that isn’t part of the product or technical roadmap. ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@akshaymankar @elland @smatting @mastaab @zebot