Add issuable searches to search rate limit (!104208) · Merge requests · GitLab.org / GitLab

Heinrich Lee Yu requested to merge 340836-rate-limit-issuable-searches into master Nov 16, 2022

What does this MR do and why?

Rate limits issuable searches so that we can re-enable searching made by anonymous users. This uses the existing search rate limit settings.

This is behind a feature flag rate_limit_issuable_searches.

Note: I also considered rate limiting at the finder level, but I think there may be other places that use the finder but we don't want to include in the limit. For example, in the recent issues autocomplete finder, it adds a scope with a list of issue IDs so the searches here are fast and we do not need to limit them.

Related to #340836

How to set up and validate locally

Enable rate_limit_issuable_searches
(Optional) Lower the search rate limit in Admin > Settings > Network > Search rate limits
Load a page like http://127.0.0.1:3000/dashboard/issues?scope=all&state=opened&search=test many times to go over the limit
Get a 429 response

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 20, 2022 by Heinrich Lee Yu

Add issuable searches to search rate limit

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports