<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=330107) </details> <!--IssueSummary end--> As noted in https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/656, the /jwt/auth endpoint is cheap but heavily hit, and it is sub-optimal to set the rate-limit for all authenticated web (and unauthenticated) traffic to a threshold sufficient for /jwt/auth. If we can exclude that, we can set those base rate-limits much lower, providing additional protective effect against actual malicious or unfortunate traffic.