Skip to content

Comments

charts/nginz: Configure rate limits for claiming MLS key packages and getting one2one conversations#3918

Merged
smatting merged 3 commits intoq1-2024from
mls-rate-limits
Mar 5, 2024
Merged

charts/nginz: Configure rate limits for claiming MLS key packages and getting one2one conversations#3918
smatting merged 3 commits intoq1-2024from
mls-rate-limits

Conversation

@akshaymankar
Copy link
Member

@akshaymankar akshaymankar commented Mar 4, 2024

https://wearezeta.atlassian.net/browse/WPB-6979

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Mar 4, 2024
@akshaymankar
charts/nginz: Rate limiting claiming MLS key-pacakges by requesting a…
a0e82a3 
…nd target user

When creating a conversation a client needs to get a lot of key packages, each
for a different user. If we merely just bump the limit for this endpoint, we
will allow for DoS by someone targetting a particular user. So here we rate
limit by ensuring that the target user is included in the rate limiting key.
@akshaymankar akshaymankar force-pushed the mls-rate-limits branch 3 times, most recently from 848712e to 3f33348 Compare March 5, 2024 12:11
@akshaymankar
charts/nginz: Allow 3000 reqs/m on /conversations/one2one/:user_domai…
4154bc6 
…n/:user

During migration from proteus to MLS, this endpoint gets called for every
connection. Slowing it down just causes login to take very long.
@akshaymankar
changelog
44d30d7
smatting
smatting reviewed Mar 5, 2024
View reviewed changes
@smatting smatting merged commit 0e275c0 into q1-2024 Mar 5, 2024
@smatting smatting deleted the mls-rate-limits branch March 5, 2024 12:26
@akshaymankar akshaymankar mentioned this pull request Mar 5, 2024
Merged
2 tasks
mdimjasevic pushed a commit that referenced this pull request Apr 24, 2024
@akshaymankar
charts/nginz: Configure rate limits for claiming MLS key packages and…
5bb0321 
… getting one2one conversations (#3918)
@mdimjasevic mdimjasevic mentioned this pull request Apr 24, 2024
Merged
2 tasks
@zebot zebot mentioned this pull request Apr 25, 2024
Merged
@smatting smatting mentioned this pull request May 28, 2024
Closed
@echoes-hq echoes-hq bot added the echoes: unplanned Any work item that isn’t part of the product or technical roadmap. label Jul 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smatting smatting smatting left review comments

@mastaab mastaab mastaab approved these changes

+1 more reviewer

@elland elland elland approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

echoes: unplanned Any work item that isn’t part of the product or technical roadmap. ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@akshaymankar @elland @smatting @mastaab @zebot