Rate limiting changes (#2519)

* Rate limiting changes

This makes the following changes:

* For logged in users, the rate limiting now applies to the device session rather than the remote IP address;
* For non-logged in users, the rate limiting continues to apply to remote address as it does today;
* It is now possible to add user IDs to the `exempt_user_ids` option under `rate_limiting` to exclude bots from rate limiting;
* Admin and appservice users are now exempt from rate limiting by default.

* Fix build with media API
Neil Alexander 2022-06-07 14:24:04 +01:00 committed by GitHub
parent 27948fb304
commit 6d4bd5d890
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 67 additions and 34 deletions

@ -163,11 +163,14 @@ client_api:
# Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
# number of "slots" have been taken by requests from a specific host. Each "slot"
# will be released after the cooloff time in milliseconds.
# will be released after the cooloff time in milliseconds. Server administrators
# and appservice users are exempt from rate limiting by default.
rate_limiting:
enabled: true
threshold: 5
cooloff_ms: 500
exempt_user_ids:
# - @user:domain.com
# Configuration for the Federation API.
federation_api:
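
Review bot: The commented example under `exempt_user_ids` (`# - @user:domain.com`) will not parse once an operator uncomments it, because `@` is a reserved indicator in YAML and cannot start a plain scalar; write the sample as `# - "@user:domain.com"` so it can be copied as is. In the same block, the comment still says slots are taken "by requests from a specific host", while the commit message says logged-in users are now limited per device session, so the wording should cover both cases. Since every ID listed here bypasses rate limiting entirely, the comment should also say that the list is meant for trusted bot accounts only.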