Merge pull request #4302 from sul-dlss/articles

Similarly separate articles+ search + view throttling.
sul-dlss · Jul 5, 2024 · 41963f7 · 41963f7
2 parents 295d0bb + ce2c639
commit 41963f7
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -30,12 +30,24 @@
   end
 
   # Throttle article searching more aggressively
-  Rack::Attack.throttle('articles/ip', limit: 10, period: 1.minute) do |req|
-    req.ip if req.path.start_with?('/articles')
+  Rack::Attack.throttle('articles/search/ip', limit: 30, period: 5.minutes) do |req|
+    route = begin
+      Rails.application.routes.recognize_path(req.path) || {}
+    rescue StandardError
+      {}
+    end
+
+    req.ip if route[:controller] == 'articles' && route[:action] == 'index'
   end
 
-  Rack::Attack.throttle('articles/ip', limit: 20, period: 5.minutes) do |req|
-    req.ip if req.path.start_with?('/articles')
+  Rack::Attack.throttle('articles/view/ip', limit: 300, period: 5.minutes) do |req|
+    route = begin
+      Rails.application.routes.recognize_path(req.path) || {}
+    rescue StandardError
+      {}
+    end
+
+    req.ip if route[:controller] == 'articles' && route[:action] == 'show'
   end
 
   # Throttle article searching based on badly behaved user agent (device farm)?