Page MenuHomePhabricator
Create Task
Maniphest T413186

rest gateway: support multiple rate limit policies per route
Closed, ResolvedPublic
Actions

Description

We need to be able to apply more than one ratelimit policy to a route. So we would not have a single default policy but a list of policies. And for each route, there would not be a single override, but a list of additional policies, and a flag for ignoring the defaults.

Use cases:

  • have a proposed policy in shadow mode to collect data while still enforcing the old policy
  • have a request-counting polic in place while also deploying a cost-based policy

Question: would it be sufficient to simply set x-wmf-ratelimit-policy multiple times? Will that make the ratelimit extension generate multiple descriptors?

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
rest-gateway: fix x-wmf-ratelimit-policy in access logoperations/deployment-chartsmaster+24 -6
rest route: support multiple rate limit policies at onceoperations/deployment-chartsmaster+113 -88
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Dec 19 2025, 9:21 AM
daniel edited parent tasks, added: T399291: Epic: API Rate Limiting Architecture; removed: T413183: rest gateway: add support for shadow policies (selective dry run).
OWresch-WMF moved this task from Inbox, needs triage to Q3 Kanban Board on the MediaWiki-Platform-Team board.Jan 5 2026, 3:57 PM
OWresch-WMF edited projects, added MediaWiki-Platform-Team (Q3 Kanban Board); removed MediaWiki-Platform-Team.
Atieno moved this task from Incoming (Needs Triage) to Radar (other teams work) on the MW-Interfaces-Team board.Jan 9 2026, 6:12 PM
OWresch-WMF moved this task from Essential Work to OKR Work on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Jan 13 2026, 11:08 AM
Blake triaged this task as Low priority.Jan 15 2026, 9:45 AM
Blake added a project: ServiceOps-Services-Oids.
Blake raised the priority of this task from Low to Medium.Jan 15 2026, 11:40 AM
Blake edited projects, added ServiceOps new; removed serviceops-deprecated.
Blake moved this task from Inbox to Scheduled (this Q) on the ServiceOps new board.Jan 15 2026, 11:45 AM
daniel renamed this task from rest gateway: support multiple rate limits per route to rest gateway: support multiple rate limit policies per route.Jan 16 2026, 10:28 AM
daniel edited parent tasks, added: T412585: Epic: Enforce API rate limits (WE5.1.3c); removed: T399291: Epic: API Rate Limiting Architecture.
gerritbot added a comment.Jan 26 2026, 12:02 PM

Change #1228218 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] rest route: support multiple rate limit policies at once

https://gerrit.wikimedia.org/r/1228218

gerritbot added a project: Patch-For-Review.Jan 26 2026, 12:02 PM
JTweed-WMF moved this task from OKR Work to In Progress on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Feb 5 2026, 3:09 PM
daniel added a parent task: T417779: rest gateway: enforce rate limits (stage two).Feb 18 2026, 1:43 PM
daniel changed the task status from Open to In Progress.Feb 18 2026, 1:48 PM
gerritbot added a comment.Feb 19 2026, 3:22 PM

Change #1228218 merged by jenkins-bot:

[operations/deployment-charts@master] rest route: support multiple rate limit policies at once

https://gerrit.wikimedia.org/r/1228218

Maintenance_bot removed a project: Patch-For-Review.Feb 19 2026, 3:30 PM
gerritbot added a comment.Feb 19 2026, 4:45 PM

Change #1240753 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] rest-gateway: fix x-wmf-ratelimit-policy in access log

https://gerrit.wikimedia.org/r/1240753

gerritbot added a project: Patch-For-Review.Feb 19 2026, 4:45 PM
gerritbot added a comment.Feb 25 2026, 10:27 AM

Change #1240753 merged by jenkins-bot:

[operations/deployment-charts@master] rest-gateway: fix x-wmf-ratelimit-policy in access log

https://gerrit.wikimedia.org/r/1240753

Maintenance_bot removed a project: Patch-For-Review.Feb 25 2026, 10:30 AM
daniel closed this task as Resolved.Feb 27 2026, 3:46 PM
daniel claimed this task.

deployed and working

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits