diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/api/ratelimiting.md | 6 | ||||
| -rw-r--r-- | docs/configuration/advanced.md | 28 |
2 files changed, 33 insertions, 1 deletions
diff --git a/docs/api/ratelimiting.md b/docs/api/ratelimiting.md index 2bdcdf2ba..d99f4d379 100644 --- a/docs/api/ratelimiting.md +++ b/docs/api/ratelimiting.md @@ -16,7 +16,7 @@ Every response will include the current status of the rate limit with the follow - `X-Ratelimit-Limit`: maximum number of requests allowed per time period. - `X-Ratelimit-Remaining`: number of remaining requests that can still be performed within. -- `X-Ratelimit-Reset`: unix timestamp indicating when the rate limit will reset. +- `X-Ratelimit-Reset`: ISO8601 timestamp indicating when the rate limit will reset. In case the rate limit is exceeded, an [HTTP 429 Too Many Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429) error is returned to the caller. @@ -35,3 +35,7 @@ If you don't have an HTTP proxy, then it's likely caused by NAT. In this case yo ### Can I configure the rate limit? Can I just turn it off? Yes! Set `advanced-rate-limit-requests: 0` in the config. + +### Can I exclude one or more IP addresses from rate limiting, but leave the rest in place? + +Yes! Set `advanced-rate-limit-exceptions` in the config. diff --git a/docs/configuration/advanced.md b/docs/configuration/advanced.md index 530b75f0f..b0ff4c7b6 100644 --- a/docs/configuration/advanced.md +++ b/docs/configuration/advanced.md @@ -52,6 +52,34 @@ advanced-cookies-samesite: "lax" # Default: 300 advanced-rate-limit-requests: 300 +# Array of string. CIDRs to except from rate limit restrictions. +# Any IPs inside the CIDR range(s) will not have rate limiting +# applied on their requests, and rate limit headers will not be +# set for those requests. +# +# This can be useful in the following example cases (and probably +# a bunch of others as well): +# +# 1. You've set up an automated service that uses the API, and +# it keeps getting rate limited, even though you trust it's +# not abusing the instance. +# +# 2. You live with multiple people who use the same instance, +# and you're all using the same router/NAT, so you all have +# the same IP address, and you keep rate limiting each other. +# +# 3. You mostly use your own home internet to access your instance, +# and you want to exempt your home internet from rate limiting. +# +# You should be careful when adjusting this setting, since you +# might inadvertently make rate limiting useless if you set too +# wide a range. If in doubt, be too restrictive rather than too +# lenient, and adjust as you go. +# +# Example: ["192.168.0.0/16"] +# Default: [] +advanced-rate-limit-exceptions: [] + # Int. Amount of open requests to permit per CPU, per router grouping, before applying http # request throttling. Any requests beyond the calculated limit are held in a backlog queue for # up to 30 seconds before either being processed or timing out. Requests that don't fit in the backlog |