feat: Rate limiting on Caddy (#31496)

2024-03-07 16:22:29 +05:30 · 2024-03-07 16:22:29 +05:30 · c79947a3fc
commit c79947a3fc
parent c5aae757e5
1 changed files with 12 additions and 0 deletions
--- a/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
+++ b/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
@ -7,6 +7,9 @@ import {X509Certificate} from "crypto"
 // This was the effective behaviour before Caddy.
 const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "")

+// Rate limit, numeric value defining the requests-per-second allowed.
+const RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 15, 10)
+
 const CaddyfilePath = process.env.TMP + "/Caddyfile"

 let certLocation = null
@ -44,6 +47,7 @@ parts.push(`
  servers {
    trusted_proxies static 0.0.0.0/0
  }
+  order rate_limit before basicauth
 }

 (file_server) {
@ -113,6 +117,14 @@ parts.push(`
    import reverse_proxy 9001
  }

+  rate_limit {
+    zone dynamic_zone {
+      key {http.request.remote_ip}
+      events ${RATE_LIMIT}
+      window 1s
+    }
+  }
+
  handle_errors {
    respond "{err.status_code} {err.status_text}" {err.status_code}
    header -Server