Rate-limit authenticated requests to Projects List API endpoint
In Rate-limit anonymous requests to Projects List ... (&9691 - closed), we rate limited unauthenticated requests to the Projects List API. But getting around this rate limit is quite easy by just creating a user on gitlab.com.
We do have performance issues with this API, see &8164. But independent of it, we should have a reasonable rate limit for authenticated requests to this API to stop bad actors from spamming this endpoint. We are doing the same for some user endpoints in &10932.
Breakdown by IP:
Breakdown by User:
Dashboard links:
We have a rate limit of 400 requests per IP per 10 minutes for unauthenticated requests.
By going through the above breakdown by IP dashboard, we can add a rate limit of 200 requests per minute per IP and this would impact only the outlier IPs which should be enough for all practical purposes.