forked from fedi/mastodon
allow localhost to bypass the ratelimit (#2554)
This commit is contained in:
parent
5135d609b7
commit
964035b118
|
@ -1,6 +1,13 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Rack::Attack
|
class Rack::Attack
|
||||||
|
# Always allow requests from localhost
|
||||||
|
# (blocklist & throttles are skipped)
|
||||||
|
Rack::Attack.safelist('allow from localhost') do |req|
|
||||||
|
# Requests are allowed if the return value is truthy
|
||||||
|
'127.0.0.1' == req.ip || '::1' == req.ip
|
||||||
|
end
|
||||||
|
|
||||||
# Rate limits for the API
|
# Rate limits for the API
|
||||||
throttle('api', limit: 300, period: 5.minutes) do |req|
|
throttle('api', limit: 300, period: 5.minutes) do |req|
|
||||||
req.ip if req.path =~ /\A\/api\/v/
|
req.ip if req.path =~ /\A\/api\/v/
|
||||||
|
|
Loading…
Reference in a new issue