rfc(feature): Per Category Abuse Rate Limiting #87
Conversation
JoshFerge
force-pushed
the
rfc/per-category-abuse-rate-limiting
branch
from
5394c2c
to
eea4285
Compare
|
|
||
| # Supporting Data | ||
|
|
||
| There have been several customers that hit this rate limits, and we've had to work around these issues. It has caused a lot of confusion internally, as it is not well documented / well known within the company. |
There was a problem hiding this comment.
I wrote an internal doc on our nginx abuse limits here: https://www.notion.so/sentry/NginX-Anti-Abuse-Layer-cb5712c0d63e41ffad30d36cf47ecef3
This could probably be broadcast better, idk how many people are aware of this
|
|
||
| ## Option C: | ||
|
|
||
| Simply increase our global rate limits, and rely more on Relay for the per-product rate limiting. Also attempt to make these rate limits show up in the stats page so there is more visibility into when this happens. |
There was a problem hiding this comment.
Right now we have the option to add orgs to a 'VIP list', which raises their ratelimit from 500 events/sec/project to 50,000 events/sec/org (internal document here). The VIP list can be found in a private repo here (we've added a lot of our largest orgs to the list in the last month).
There's been talk in the SRE team about either
A. making 50k/sec/org the global default for every org, or
B. just ripping out NginX and letting Relay deal with all ratelimiting
but nothing's been planned yet. If this is something you'd be interested in, I'd recommend reaching out to Khanh and letting him know about this so it gets back on his radar.
|
|
||
| ## Option A: | ||
|
|
||
| Add information about the request to either the querystring, HTTP headers, or url-route, and use these in our Nginx config to do per-project rate limiting. |
There was a problem hiding this comment.
This came up in talks with ingest once, but there was a reason why we still don't do it (I forget why but can ask someone for more info).
TODO. Rendered RFC