Rate limiting on Login page

Hello,

I am using openedx-release/lilac.master

It’s a multi-tier server architecture.

On /login or /register page I get an error page saying
" Too Many Requests. "

I checked the logs of nginx access and error logs, I checked tracking logs

All of them shows only one request to login page.

Those URL directly load with this error and status being 429.

Are there any settings that I need to check ?

If I disable the RATELIMIT_ENABLE flag it works fine.

We had the same problem (discovered when the site went into production!).

We addressed it by setting two keys:

REGISTRATION_RATELIMIT: 1000000/minute
RATELIMIT_RATE: '600/m' 

As far as I can tell, these aren’t documented anywhere. I think REGISTRATION_RATELIMIT is relevant to the issue you hit. I think RATELIMIT_RATE applies to OAuth.

1 Like

Same thing, noticed it in almost production

It was working with RATELIMIT_ENABLE
I tried to remove the flag before setting the keys you mentioned @pdpinch but to my surprise it worked even without it.

Must’ve been some other misconfiguration somewhere else. ¯\_(ツ)_/¯

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.