Closed
Bug 1431507
Opened 6 years ago
Closed 4 years ago
Add rate limiting to login
Categories
(developer.mozilla.org Graveyard :: General, enhancement, P2)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jwhitlock, Unassigned)
Details
(Keywords: in-triage, Whiteboard: [specification][type:feature][points:6+])
What problem would this feature solve? ====================================== Naive scrapers that ignore robots.txt will eventually find views requiring login. This requires creating a new OAuth session, and quickly becomes one of the top requests. Normal users log in once per session, so this is a good candidate for rate limiting Who has this problem? ===================== Staff contributors to MDN How do you know that the users identified above have this problem? ================================================================== The OAuth view is generally takes 0.2% of total request time on the site. During a recent period with a scraper, it increased to 18% of the total time, a 90x increase How are the users identified above solving this problem now? ============================================================ Scrapers contribute to lower performance, possibly downtime, and staff is alerted. The scraper are identified by IP and blocked. Do you have any suggestions for solving the problem? Please explain in detail. ============================================================================== Add a rate limit, such as 3 requests per minute, for initializing an OAuth login. Is there anything else we should know? ====================================== Login is provided by django-allauth, and it will require customization to add this rate limit, above the usual ratelimit view decorator.
Reporter | ||
Updated•6 years ago
|
Whiteboard: [specification][type:feature] → [specification][type:feature][points:6+]
Reporter | ||
Updated•6 years ago
|
Priority: P1 → P2
Comment 1•4 years ago
|
||
MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•