Add rate limit for media proxy requests (mastodon#10490)

Gargron · web-flow · commit 0b0d3d2e7c13 · 2019-04-07T04:26:43.000+02:00
30 per 30 minutes, like media uploads
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -57,6 +57,10 @@ def web_request?
     req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media')
   end
 
+  throttle('throttle_media_proxy', limit: 30, period: 30.minutes) do |req|
+    req.ip if req.path.start_with?('/media_proxy')
+  end
+
   throttle('throttle_api_sign_up', limit: 5, period: 30.minutes) do |req|
     req.ip if req.post? && req.path == '/api/v1/accounts'
   end
