
NAS-129692 / 24.10 / rate limit methods that have @no_auth_required #13912

Merged
merged 6 commits into from
Jul 5, 2024

Conversation

yocalebo
Contributor

@yocalebo yocalebo commented Jun 21, 2024

For obvious reasons, we MUST protect public endpoints that are marked with @no_auth_required by rate limiting them. This implementation will rate limit all methods that are marked with @no_auth_required. These rate limits are implemented by hashing them by method name AND the origin IP address that is sending the request to us. This isn't a fool-proof way and won't cover every single scenario but it's significantly better than what we currently have.

Implementation details:

  1. ignore the rate limit if the method is being called across the unix socket (internal)
  2. ignore the rate limit if the method is being called via the heartbeat interface on HA systems
  3. store the method name and ip address of the remote client making the request
  4. if a method that doesn't require authentication has been called by the same origin IP address more than 20 times within a 1min period, the rate limit will kick in
  5. if the rate limits are being enforced, we will sleep a random delay to provide some form of backpressure to the offending client
  6. if the global cache limit has been reached (100 total entries), requests made by ANY remote caller to methods that don't require authentication will be blocked
  7. the global rate limit cache will be cleared every 10mins

After adding this functionality and running it through our CI, I saw test failures for modules that use make_ws_request. This is for numerous reasons but the most important one is that it logged in every time it was called. This kicked in our rate limiting mechanism and so tests (specifically the FTP test) started to fail. After kicking the proverbial can down the road, I decided to go ahead and remove all uses of make_ws_request function since it was no longer needed.
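The (method name, origin IP) limiter described above, modelled as an added example that is not the PR's or middlewared's own code; the class and function names, the heartbeat peer address and the 1 to 5 second delay range are assumptions, while the thresholds (20 calls per minute, 100 cache entries, 10 minute reset) follow the description:

```python
import hashlib
import random
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_CALLS = 20            # calls per (method, ip) inside one window
WINDOW_SECS = 60          # 1 minute window
MAX_CACHE_ENTRIES = 100   # global cap; beyond it every remote caller is blocked
CACHE_CLEAR_SECS = 600    # whole cache dropped every 10 minutes
HEARTBEAT_IP = "169.254.10.1"   # constructed placeholder for the HA heartbeat peer

ALLOW, THROTTLE, BLOCK = "allow", "throttle", "block"


@dataclass
class NoAuthRateLimiter:
    """Model of the limiter for @no_auth_required methods (assumed names)."""
    cache: Dict[str, List[float]] = field(default_factory=dict)  # key -> call times
    last_clear: float = 0.0

    @staticmethod
    def key(method: str, ip: str) -> str:
        # Hash the method name together with the remote address, as the PR describes.
        return hashlib.sha256(f"{method}:{ip}".encode()).hexdigest()

    def check(self, method: str, ip: Optional[str],
              now: Optional[float] = None) -> Tuple[str, float]:
        """Return (decision, delay_seconds). ip is None for unix-socket callers."""
        now = time.monotonic() if now is None else now
        if ip is None or ip == HEARTBEAT_IP:
            return ALLOW, 0.0               # internal and HA heartbeat traffic is exempt
        if now - self.last_clear >= CACHE_CLEAR_SECS:
            self.cache.clear()              # periodic global reset
            self.last_clear = now
        if len(self.cache) >= MAX_CACHE_ENTRIES:
            return BLOCK, 0.0               # cache full: block ANY remote caller
        k = self.key(method, ip)
        hits = [t for t in self.cache.get(k, []) if now - t < WINDOW_SECS]
        hits.append(now)
        self.cache[k] = hits                # only calls inside the sliding window count
        if len(hits) > MAX_CALLS:
            # Backpressure: the caller is expected to sleep this long before answering.
            return THROTTLE, random.uniform(1.0, 5.0)
        return ALLOW, 0.0
```

The limiter deliberately keys on the remote address, so callers behind one NAT share a budget, which is the trade-off the description acknowledges.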

@bugclerk
Contributor

@bugclerk bugclerk changed the title rate limit methods that have @no_auth_required NAS-129692 / 24.10 / rate limit methods that have @no_auth_required Jun 21, 2024
@william-gr
Member

william-gr commented Jun 21, 2024

We used to have a @throttle decorator for some things.
Dunno if the intent was to handle that later or you could remove that as part of the PR, e.g. system.build_time

@yocalebo yocalebo force-pushed the rate-limit branch 6 times, most recently from 351af9e to 4a5be72 Compare June 25, 2024 18:32
@yocalebo yocalebo removed the WIP label Jun 25, 2024
@yocalebo yocalebo force-pushed the rate-limit branch 3 times, most recently from 8f2fc6c to 39a9a62 Compare July 3, 2024 13:26
@yocalebo yocalebo force-pushed the rate-limit branch 4 times, most recently from 28866f9 to 5eeac9c Compare July 5, 2024 16:06
@yocalebo yocalebo requested a review from anodos325 July 5, 2024 17:04
@yocalebo yocalebo merged commit f2bea8e into master Jul 5, 2024
2 of 3 checks passed
@yocalebo yocalebo deleted the rate-limit branch July 5, 2024 19:30
@bugclerk
Contributor

bugclerk commented Jul 5, 2024

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

@truenas truenas locked as resolved and limited conversation to collaborators Jul 5, 2024