1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-01 10:20:59 +01:00
phorge-phorge/src/aphront
epriestley 3f53718d10 Modularize rate/connection limits in Phabricator
Summary:
Depends on D18702. Ref T13008. This replaces the old hard-coded single rate limit with multiple flexible limits, and defines two types of limits:

  - Rate: reject requests if a client has completed too many requests recently.
  - Connection: reject requests if a client has too many more connections than disconnections recently.

The connection limit adds +1 to the score for each connection, then adds -1 for each disconnection. So the overall number is how many open connections they have, at least approximately.

Supporting multiple limits will let us do limiting by Hostname and by remote address (e.g., a specific IP can't exceed a low limit, and all requests to a hostname can't exceed a higher limit).

Configuring the new limits looks something like this:

```
PhabricatorStartup::addRateLimit(new PhabricatorClientRateLimit())
  ->setLimitKey('rate')
  ->setClientKey($_SERVER['REMOTE_ADDR'])
  ->setLimit(5);

PhabricatorStartup::addRateLimit(new PhabricatorClientConnectionLimit())
  ->setLimitKey('conn')
  ->setClientKey($_SERVER['REMOTE_ADDR'])
  ->setLimit(2);
```

Test Plan:
  - Configured limits as above.
  - Made a lot of requests, got cut off by the rate limit.
  - Used `curl --limit-rate -F 'data=@the_letter_m.txt' ...` to upload files really slowly. Got cut off by the connection limit. With `enable_post_data_reading` off, this correctly killed the connections //before// the uploads finished.
  - I'll send this stuff to `secure` before production to give it more of a chance.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13008

Differential Revision: https://secure.phabricator.com/D18703
2017-10-13 13:12:05 -07:00
..
__tests__ phtize all the things 2015-05-22 21:16:39 +10:00
configuration Modularize rate/connection limits in Phabricator 2017-10-13 13:12:05 -07:00
exception Convert some whiny exceptions into quiet MalformedRequest exceptions 2016-08-16 15:50:21 -07:00
handler Pass all Throwables to Exception Handlers, not just Exceptions 2017-06-20 05:44:51 -07:00
httpparametertype Fix spelling 2017-10-09 10:48:04 -07:00
interface Allow Controllers to return a wider range of "response-like" objects 2015-09-01 15:52:52 -07:00
response Make "Range" HTTP header work for Celerity static resource requests 2017-04-18 13:46:27 -07:00
sink Don't combine automatic output compression with "Content-Length" 2016-12-13 14:25:49 -08:00
site Allow custom Sites to have custom 404 controllers 2016-11-30 15:25:09 -08:00
AphrontController.php Provide an AphrontController implementation of willSendResponse() 2015-09-07 17:18:35 -07:00
AphrontRequest.php Preserve nonstandard ports during 404 redirects which add "/" to the ends of URIs 2017-01-04 06:55:10 -08:00