Paste P62380

PhabricatorClientRateLimit.php Diff
ActivePublic

Authored by Aklapper on May 14 2024, 11:19 AM.
Referenced Files
F53182922: PhabricatorClientRateLimit.php Diff
May 14 2024, 11:19 AM
diff --git a/phorge-upstream20230624-52be52d429ce/support/startup/PhabricatorClientRateLimit.php b/phab-wmf-20231125/support/startup/PhabricatorClientRateLimit.php
index 89a273e..7537334 100644
--- a/phorge-upstream20230624-52be52d429ce/support/startup/PhabricatorClientRateLimit.php
+++ b/phab-wmf-20231125/support/startup/PhabricatorClientRateLimit.php
@@ -3,6 +3,8 @@
final class PhabricatorClientRateLimit
extends PhabricatorClientLimit {
+ protected $whitelist = array('87.138.110.76', '198.73.209.241');
+
protected function getBucketDuration() {
return 60;
}
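Review bot: The new `$whitelist` property hard-codes two client addresses in a startup class with no comment saying who owns them or why they are exempt, so the exemption cannot be audited or retired without reading commit history. I would add a comment above the property such as `// Addresses exempt from rate limiting: <owner/purpose>, reviewed <date>.` and, if the deployment has a place for per-site settings, load the list from there rather than from the class body. The exemption is only as trustworthy as the client key it is matched against, so it is worth confirming that key comes from the socket peer address and not from a forwarded header a client can set; the code that sets the key is not visible in this diff.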
@@ -13,12 +15,24 @@ final class PhabricatorClientRateLimit
protected function shouldRejectConnection($score) {
$limit = $this->getLimit();
+ if ($limit == 0) {
+ return false;
+ }
// Reject connections if the average score across all buckets exceeds the
// limit.
$average_score = $score / $this->getBucketCount();
- return ($average_score > $limit);
+ if ($average_score <= $limit) {
+ return false;
+ }
+
+ // don't reject whitelisted connections
+ $key = $this->getClientKey();
+ if (in_array($key, $this->whitelist)) {
+ return false;
+ }
+ return true;
}
protected function getConnectScore() {
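Review bot: The added guard `if ($limit == 0)` in shouldRejectConnection() uses a loose comparison, so an unset or misconfigured limit (`null`, `false`, `''`) also disables rate limiting instead of only an explicit zero. If "0 means unlimited" is the intent, say so in a comment (`// A limit of 0 disables rate limiting.`) and compare against the specific values that should qualify. The allowlist lookup should pass the strict flag, `in_array($key, $this->whitelist, true)`; the same call is repeated in the getDisconnectScore() hunk, so a small private helper would keep the two checks from drifting apart.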
@@ -26,16 +40,21 @@ final class PhabricatorClientRateLimit
}
protected function getPenaltyScore() {
- return 1;
+ return 0;
}
protected function getDisconnectScore(array $request_state) {
$score = 1;
- // If the user was logged in, let them make more requests.
+ $key = $this->getClientKey();
+ // whitelisted ips get unlimited requests
+ if (in_array($key, $this->whitelist)) {
+ $score = 0;
+ }
+
if (isset($request_state['viewer'])) {
$viewer = $request_state['viewer'];
- if ($viewer->isOmnipotent()) {
+ if ($viewer->isOmnipotent() || $viewer->getIsSystemAgent()) {
// If the viewer was omnipotent, this was an intracluster request or
// some other kind of special request, so don't give it any points
// toward rate limiting.
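Review bot: Adding `$viewer->getIsSystemAgent()` to the omnipotent branch exempts every bot account from rate limiting, which means a leaked or abused bot credential is no longer throttled at this layer; if only specific bots need the exemption, narrowing the condition to those would keep the limit meaningful for the rest. The comment inside the branch still describes only the omnipotent/intracluster case and should mention system agents, for example `// Omnipotent viewers (intracluster requests) and system agents (bots) get no points toward rate limiting.` Separately, getPenaltyScore() now returns `0`, so a client that keeps sending requests after being rejected appears to accrue nothing further; a one-line comment stating why the penalty was dropped would help the next reader. The body of getDisconnectScore() continues past this hunk.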
@@ -44,10 +63,9 @@ final class PhabricatorClientRateLimit
// If the viewer was logged in, give them fewer points than if they
// were logged out, since this traffic is much more likely to be
// legitimate.
- $score = 0.25;
+ $score = $score / 4;
}
}
-
return $score;
}