Skip to content

Resolve #3447955 "Rate limit by asn"

Needs review and testing.

Closes #3447955.

In local tests the ASN lookup took, on average, .0008s (measured by taking the difference of microtime(TRUE) immediately before and after the lookup operation - inclusive of the reader instantiation). Memory consumption to render the page response was not noticeably influenced (measured via webprofiler).

It seems GeoIP2's Optional C Extension should further speed up the lookups (if possible to install into your hosting environment).

Initially I was expecting the ASN lookup to be heavier than this, and thus was assuming I'd have to cache ASN lookups in the chosen backend (if possible). That could still be something we want to do at some point, but given the availability of the Optional C Extension and the very minimal impact of the lookup even without that optional extension, I felt ASN lookup caching might be overkill at the outset here.

I intend to test the ASN lookup's performance impact on an actual web server environment next. I'm hopeful the results will be similar.

This MR changes how we talk about the "regular" traffic limit - breaking it out into visitor-level (IP + UA) and ASN-level limits, leaving both of these limits optional, and keeping the crawler limit required.

The flow is essentially:

Identified as crawler? -> Enforce crawler rate limit. Done. Not identified as crawler? -> Enforce regular, visitor-level limit (if configured). Then, if not blocked at visitor-level, enforce regular, ASN-level limit (if configured). Done.

Merge request reports

Loading