stage 1: auth required for every request. all requests without auth are rejected outright by l1s
stage 2: all requests without auth are severely rate limited to allow curl, wget, and other 'toy' usage of saturn without auth
for stage 2, the goal of the rate limits is:
- to allow for toy usage of saturn, e.g. with curl from the command line for debugging
- to explicitly disallow production usage of saturn without auth. for prod use, a customer must sign up and add auth to their requests
here are some potential rate limiting strategies to consider for implementation:
- rate limit per IP, e.g. 5 reqs/IP/sec
- rate limit per origin, e.g. 5 reqs/origin/sec
- download rate limit per request, e.g. 200kbps maximum download speed per request
- response size per request, e.g. 10MB maximum response size per request
some combination of all, or some, of the above rate limits will help accomplish both of stage 2's goals above
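A sketch of how the stage 2 policy above could combine the per-IP limit, the per-origin limit and the response size cap, applied only to requests that carry no auth token (added example, not part of the original issue and not Saturn's code). The `verify_token` callable, the burst size, the HTTP status codes and the class names are assumptions; the 200kbps download throttle is left out.

```python
import time

RATE = 5.0                     # "5 reqs/IP/sec" and "5 reqs/origin/sec" from the issue
BURST = 5.0                    # assumed bucket capacity (not stated in the issue)
MAX_BYTES = 10 * 1000 * 1000   # "10MB maximum response size per request"


class TokenBucket:
    """Refills at `rate` tokens/sec up to `burst`; each request costs one token."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, now

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Stage2Policy:
    def __init__(self, verify_token):
        self.verify_token = verify_token   # hypothetical callable: token -> bool
        self.by_ip, self.by_origin = {}, {}
        # A real deployment would also evict idle buckets to bound memory.

    def _take(self, table, key, now):
        bucket = table.setdefault(key, TokenBucket(RATE, BURST, now))
        return bucket.allow(now)

    def decide(self, ip, origin, token, now=None):
        """Return (status, response_byte_cap); a cap of None means uncapped."""
        now = time.monotonic() if now is None else now
        if token is not None:
            # Auth was attempted: valid passes unthrottled, invalid is rejected.
            return (200, None) if self.verify_token(token) else (401, None)
        # No auth: the request must pass both the per-IP and per-origin limits.
        if not self._take(self.by_ip, ip, now):
            return (429, None)
        if origin and not self._take(self.by_origin, origin, now):
            return (429, None)
        return (200, MAX_BYTES)
```

Keying on origin as well as IP means a site that embeds unauthenticated requests is throttled as a whole even when its visitors come from many addresses, which is what keeps production traffic from hiding behind the toy-usage allowance.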
gruns
changed the title
once auth ships, implement severe rate limits on both IP and origin/referer
once auth ships, implement strong rate limits on both IP and origin/referer
Oct 25, 2023
gruns
changed the title
once auth ships, implement strong rate limits on both IP and origin/referer
once auth ships, implement strong rate limits on both IP and origin/referer for requests without auth
Oct 25, 2023
reidlw
changed the title
once auth ships, implement strong rate limits on both IP and origin/referer for requests without auth
once auth ships, reject all non-authorized requests
Oct 30, 2023
add two rate limits when no auth token is provided
requests with an invalid auth token will still be rejected