Adjust rate-limiting to take off load from memcache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/auth.py b/src/web/auth.py
index bf7ab2dd9926d806fd8ac2750f276ff54ceccb07..56f4b32f211a4aa9ecfade330f5a3386250f3af5 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -45,7 +45,7 @@ class LoginHandler(AuthenticationMixin, base.BaseHandler):
                self.render("auth/login.html", next=next,
                        incorrect=False, username=None)
 
-       @base.ratelimit(minutes=60, requests=5)
+       @base.ratelimit(minutes=15, requests=10)
        def post(self):
                username = self.get_argument("username")
                password = self.get_argument("password")
@@ -89,7 +89,7 @@ class RegisterHandler(base.BaseHandler):
 
                self.render("auth/register.html")
 
-       @base.ratelimit(minutes=24*60, requests=5)
+       @base.ratelimit(minutes=15, requests=5)
        async def post(self):
                uid   = self.get_argument("uid")
                email = self.get_argument("email")
@@ -149,7 +149,7 @@ class PasswordResetInitiationHandler(base.BaseHandler):
 
                self.render("auth/password-reset-initiation.html", username=username)
 
-       @base.ratelimit(minutes=60, requests=5)
+       @base.ratelimit(minutes=15, requests=10)
        def post(self):
                username = self.get_argument("username")
 
@@ -193,7 +193,7 @@ class PasswordResetHandler(AuthenticationMixin, base.BaseHandler):
 
 
 class APICheckUID(base.APIHandler):
-       @base.ratelimit(minutes=10, requests=100)
+       @base.ratelimit(minutes=5, requests=100)
        def get(self):
                uid = self.get_argument("uid")
                result = None

diff --git a/src/web/blog.py b/src/web/blog.py
index 375adfc371528f6c372f16fc6ea7251b347c2f60..13d414e5218dfcb723cd741fb43116b848e49d14 100644 (file)
--- a/src/web/blog.py
+++ b/src/web/blog.py
@@ -119,6 +119,7 @@ class DraftsHandler(auth.CacheMixin, base.BaseHandler):
 
 
 class SearchHandler(auth.CacheMixin, base.BaseHandler):
+       @base.ratelimit(minutes=5, requests=25)
        def get(self):
                q = self.get_argument("q")
 

diff --git a/src/web/donate.py b/src/web/donate.py
index 21f8e81c23d22d027178d50e789d7ab0dccafbaa..8812794be10d163ede428679aa13f496ab6f9dc1 100644 (file)
--- a/src/web/donate.py
+++ b/src/web/donate.py
@@ -37,7 +37,7 @@ class DonateHandler(base.BaseHandler):
                        country=country, first_name=first_name, last_name=last_name,
                        amount=amount, currency=currency, frequency=frequency)
 
-       @base.ratelimit(minutes=24*60, requests=5)
+       @base.ratelimit(minutes=15, requests=5)
        async def post(self):
                amount    = self.get_argument("amount")
                currency  = self.get_argument("currency", "EUR")