Skip to content
This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Switch to APIKey+IP rate limiting, HMAC values #513

Merged
merged 3 commits into from
Sep 11, 2020
Merged

Switch to APIKey+IP rate limiting, HMAC values #513

merged 3 commits into from
Sep 11, 2020

Conversation

sethvargo
Copy link
Member

@sethvargo sethvargo commented Sep 10, 2020
edited
Loading

This changes rate limiting for API keys to be "per API key realm, per IP" to reduce the chance of someone being able to DOS the system if they were to uncover an API key.

It also switches to HMAC (instead of just hash) the values before they are stored in Redis.

Release Note

**Major change!** Change rate limiting for API keys to rate limit by "Realm + IP" to reduce the chance of a DOS attack. Re-evaluate your rate limits to ensure they still make sense in this new model.

@google-cla google-cla bot added the cla: yes Auto: added by CLA bot when all committers have signed a CLA. label Sep 10, 2020
@sethvargo
Copy link
Member Author

/assign @mikehelmick

@sethvargo sethvargo force-pushed the sethvargo/ratelimit_apikey_ip branch 2 times, most recently from 91c53bb to 6a46ae3 Compare September 10, 2020 18:31
@sethvargo
Copy link
Member Author

@mikehelmick fixed - PTanotherL

icco
icco approved these changes Sep 11, 2020
View reviewed changes
Copy link
Contributor

@icco icco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@google-oss-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: icco, sethvargo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-robot google-oss-robot merged commit b1229c6 into main Sep 11, 2020
@google-oss-robot google-oss-robot deleted the sethvargo/ratelimit_apikey_ip branch September 11, 2020 15:16
@google google locked and limited conversation to collaborators Oct 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mikehelmick mikehelmick mikehelmick left review comments

@icco icco icco approved these changes

@whaught whaught Awaiting requested review from whaught

Assignees

@icco icco

@mikehelmick mikehelmick

Labels
cla: yes Auto: added by CLA bot when all committers have signed a CLA.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sethvargo @google-oss-robot @icco @mikehelmick