From e89dd780b2b73e5308218587b35fd54690a7db44 Mon Sep 17 00:00:00 2001
From: Giovanni Cimolin da Silva
Date: Wed, 20 Mar 2019 15:52:33 -0300
Subject: [PATCH 1/2] MCKIN-10180: Api integration version bump (#1431)

---
 requirements/edx/custom.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/edx/custom.txt b/requirements/edx/custom.txt
index 8db7bcd85396..022f17a54f35 100644
--- a/requirements/edx/custom.txt
+++ b/requirements/edx/custom.txt
@@ -22,7 +22,7 @@ git+https://github.com/edx-solutions/xblock-group-project.git@0.1.1#egg=xblock-g
 -e git+https://github.com/mckinseyacademy/xblock-diagnosticfeedback.git@v0.2.4#egg=xblock-diagnostic-feedback==0.2.4
 -e git+https://github.com/open-craft/xblock-group-project-v2.git@0.4.14#egg=xblock-group-project-v2==0.4.14
 -e git+https://github.com/open-craft/xblock-virtualreality.git@v0.1.1#egg=xblock-virtualreality==0.1.1
-git+https://github.com/edx-solutions/api-integration.git@v2.5.13#egg=api-integration==2.5.13
+git+https://github.com/edx-solutions/api-integration.git@v2.7.0#egg=api-integration==2.7.0
 git+https://github.com/edx-solutions/organizations-edx-platform-extensions.git@v1.2.7#egg=organizations-edx-platform-extensions==1.2.7
 git+https://github.com/edx-solutions/gradebook-edx-platform-extensions.git@1.1.14#egg=gradebook-edx-platform-extensions==1.1.14
 git+https://github.com/edx-solutions/projects-edx-platform-extensions.git@v1.1.8#egg=projects-edx-platform-extensions==1.1.8

From 84986adc173679cb2f38e4f5304e9312d1a15ae3 Mon Sep 17 00:00:00 2001
From: Naeem Ilyas
Date: Wed, 3 Apr 2019 16:03:50 +0500
Subject: [PATCH 2/2] MCKIN-10480 - Rate limit backend limit made configurable (#1452)

MCKIN-10480 - Rate limit backend limit made configurable
---
 cms/envs/common.py | 3 +++
 common/djangoapps/util/bad_request_rate_limiter.py | 4 ++++
 lms/envs/aws.py | 6 ++++++
 lms/envs/common.py | 3 +++
 4 files changed, 16 insertions(+)
diff --git a/cms/envs/common.py b/cms/envs/common.py index 687623690702..abdf6ea0c872 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -1438,3 +1438,6 @@ ############## Settings for CourseGraph ############################ COURSEGRAPH_JOB_QUEUE = LOW_PRIORITY_QUEUE + +# Max no. of bad requests after which ratelimitier backend will block IP's access +RATE_LIMIT_BACKEND_MAX_REQUESTS = 30 diff --git a/common/djangoapps/util/bad_request_rate_limiter.py b/common/djangoapps/util/bad_request_rate_limiter.py index 381289f63926..5e4f8f683847 100644 --- a/common/djangoapps/util/bad_request_rate_limiter.py +++ b/common/djangoapps/util/bad_request_rate_limiter.py @@ -2,6 +2,8 @@ A utility class which wraps the RateLimitMixin 3rd party class to do bad request counting which can be used for rate limiting """ +from django.conf import settings + from ratelimitbackend.backends import RateLimitMixin @@ -9,6 +11,8 @@ class BadRequestRateLimiter(RateLimitMixin): """ Use the 3rd party RateLimitMixin to help do rate limiting on the Password Reset flows """ + # get max number value from settings instead of using default one + requests = settings.RATE_LIMIT_BACKEND_MAX_REQUESTS def is_rate_limit_exceeded(self, request): """ diff --git a/lms/envs/aws.py b/lms/envs/aws.py index 7bfbe5aa5f66..27ca271e6a44 100644 --- a/lms/envs/aws.py +++ b/lms/envs/aws.py @@ -1188,3 +1188,9 @@ 'COMPLETION_VIDEO_COMPLETE_PERCENTAGE', COMPLETION_VIDEO_COMPLETE_PERCENTAGE, ) + +# Max no. of bad requests after which ratelimitier backend will block IP's access +RATE_LIMIT_BACKEND_MAX_REQUESTS = ENV_TOKENS.get( + 'RATE_LIMIT_BACKEND_MAX_REQUESTS', + RATE_LIMIT_BACKEND_MAX_REQUESTS +) diff --git a/lms/envs/common.py b/lms/envs/common.py index 590977c3f9f8..09075a7417e9 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py 
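Review bot: In cms/envs/common.py the new `RATE_LIMIT_BACKEND_MAX_REQUESTS = 30` has no environment override: the diffstat lists lms/envs/aws.py but no CMS counterpart, so for Studio the limit stays a fixed constant and the default now lives in two common.py files. If that is intended, the comment should say so. The comment itself (repeated in the lms/envs/aws.py and lms/envs/common.py hunks) misspells the backend and leaves out the counting window; something like `# Max bad requests per client IP, within the rate limiter's counting window, before BadRequestRateLimiter refuses further requests` would read better, with the window length added once confirmed against the mixin.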
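Review bot: In common/djangoapps/util/bad_request_rate_limiter.py, `requests = settings.RATE_LIMIT_BACKEND_MAX_REQUESTS` is evaluated once, when the class body runs at import, so a value changed afterwards (for example `override_settings` in a test that exercises the limit) never reaches `BadRequestRateLimiter`. The docstring ties this class to the Password Reset flows, so the threshold should be testable at more than one value. Reading it per instance, `@property` over `def requests(self): return settings.RATE_LIMIT_BACKEND_MAX_REQUESTS`, keeps the attribute name the added comment says the mixin uses. The body of `is_rate_limit_exceeded` is outside the hunk, so how `requests` is compared there is not visible.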
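Review bot: In lms/envs/aws.py the value read from `ENV_TOKENS` is used as given, so a quoted number, `null`, zero or a negative value supplied there becomes the threshold of the bad-request limiter without any check. Depending on the interpreter, comparing a request count with a string either never reports the limit as reached or raises inside the request, and both outcomes weaken or break the protection without an obvious signal (the comparison itself is outside this diff). Coerce and bound the value here, e.g. `RATE_LIMIT_BACKEND_MAX_REQUESTS = int(ENV_TOKENS.get('RATE_LIMIT_BACKEND_MAX_REQUESTS', RATE_LIMIT_BACKEND_MAX_REQUESTS))`, followed by a check that fails startup when the result is below 1.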
@@ -3401,3 +3401,6 @@
 ############### Settings for user-state-client ##################
 # Maximum number of rows to fetch in XBlockUserStateClient calls. Adjust for performance
 USER_STATE_BATCH_SIZE = 5000
+
+# Max no. of bad requests after which ratelimitier backend will block IP's access
+RATE_LIMIT_BACKEND_MAX_REQUESTS = 30