[BUG] Rate limiting rules don't always take effect #1946
Comments
|
Hi @MB-Finski, thank you for opening this issue. Can you share the configuration that you entered and the steps you took to find this bug ? Thank you! |
|
Sure! Here's the relevant config taken from variables.env (defined using the UI): cloud.domain.com_LIMIT_REQ_URL_1=/apps However, if a user accesses a share link (e.g. cloud.domain.com/s/<share_id>) they may get 429 with a rate limit of 2r/s reported in the error.log. |
|
I'll have a look at this and keep you updated, thanks again! |
|
@MB-Finski I couldn't reproduce the bug. Can you share your use case and the exact setting you've set (all of them if possible would help greatly), thank you! |
…value check when a multiple has a suffix
TheophileDiot
added
the
next major
|
Thank you for bringing this issue to our attention. We are pleased to inform you that this issue has been resolved in the latest version of BunkerWeb. You can update you stack to the latest version here: https://docs.bunkerweb.io/latest/. We appreciate your feedback, which helps us improve our products, don't hesitate to open a new issue if needed. |
What happened?
As mentioned in #1930, there seems to be some oddities going on with the limit plugin. Specifically the request limit rules are not always respected.
Even if you set a rate limit of 20 requests for /, you may get 429 for some sub folders with a corresponding error.log entry stating that: current rate = 3r/s and max rate = 2r/s. This is despite the fact that for this specific subdomain, none of the specified rate limits are 2r/s. In fact, all sub folders including / have a rate limit of 20req/s or more.
How to reproduce?
Configuration file(s) (yaml or .env)
Relevant log output
BunkerWeb version
1.5.12
What integration are you using?
Linux
Linux distribution (if applicable)
Debian 12
Removed private data
Code of Conduct
The text was updated successfully, but these errors were encountered: