MDBF-1227: Rate limit Buildbot by client IP #982

Merged: RazvanLiviuVarzaru merged 2 commits into MariaDB:dev from RazvanLiviuVarzaru:fix/buildbot-scanner-rate-limit on Jul 1, 2026
@RazvanLiviuVarzaru RazvanLiviuVarzaru commented Jun 29, 2026

Collaborator

@fauust TLDR: We will probably need to experiment with the values. I allowed bursts for devs rapidly navigating through bb pages. The per-URL bucket made aggressive scanners block genuine users.


Old behavior used request_uri as the rate-limit key, so the bucket was shared globally per exact URL. One aggressive client hammering a common URL could consume that URL's allowance and cause unrelated users to be rate-limited too. It also did not catch scanners that spread requests across many unique URLs, since each URL had its own bucket.

New behavior uses binary_remote_addr as the key and allows 10 requests per second with a burst of 200 before returning 429. This isolates aggressive scanners to their source IP and leaves other client IPs unaffected.

The tradeoff is that users behind the same NAT, VPN, or proxy still share one client-IP bucket.
Will probably need future changes if we identify 429 responses for normal operation.

Buildbot pages can generate short request spikes when developers open or
refresh builds with many steps, changes, avatars, and websocket/API calls.
Treat those page-load clusters as burst traffic rather than raising the
sustained request rate too far.

Use the request rate as the long-term per-client ceiling, and use burst to
absorb normal UI fan-out from heavy build pages or a small number of tabs.
This keeps the developer workflow responsive while still rejecting clients
that continue sending requests above the sustained rate.
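
The two rate-limit keys compared in the PR description above, replayed against a simplified leaky-bucket model. This is an added example, not code or configuration from the pull request: the limiter model, the assumption that the old per-URL key used the same rate and burst as the new one, and the sample addresses and paths are all constructed for illustration.

```python
from collections import Counter

RATE, BURST = 10.0, 200   # 10 r/s and burst 200, the values quoted in the PR description


class Limiter:
    """Leaky bucket per key: drains at `rate` per second, rejects (429) once above `burst`."""

    def __init__(self, key_fn, rate=RATE, burst=BURST):
        self.key_fn, self.rate, self.burst = key_fn, rate, burst
        self.buckets = {}   # key -> (excess, time of last accepted request)

    def allow(self, t, ip, uri):
        key = self.key_fn(ip, uri)
        excess, last = self.buckets.get(key, (0.0, t))
        excess = max(0.0, excess - (t - last) * self.rate)
        if excess > self.burst:
            return False    # rejected requests do not add to the bucket
        self.buckets[key] = (excess + 1.0, t)
        return True


def by_uri(ip, uri):
    return uri   # old key: one bucket per exact URL, shared by every client


def by_ip(ip, uri):
    return ip    # new key: one bucket per client address


def rejected_per_ip(key_fn, events):
    """Replay (time, ip, uri) events in order; return a Counter of 429s per client IP."""
    limiter, rejected = Limiter(key_fn), Counter()
    for t, ip, uri in events:
        if not limiter.allow(t, ip, uri):
            rejected[ip] += 1
    return rejected


# Constructed traffic: documentation-range addresses and hypothetical paths.
SCANNER, DEV = "203.0.113.7", "198.51.100.20"
HAMMER = [(0.0, SCANNER, "/")] * 300 + [(0.0, DEV, "/")]            # one hot URL
SPREAD = [(0.0, SCANNER, f"/probe/{i}") for i in range(1000)]        # many unique URLs
PAGE_LOAD = [(0.0, DEV, f"/api/v2/builds/1/steps/{i}") for i in range(150)]

if __name__ == "__main__":
    for name, events in [("hammer", HAMMER), ("spread", SPREAD), ("page load", PAGE_LOAD)]:
        print(name, "| uri key:", dict(rejected_per_ip(by_uri, events)),
              "| ip key:", dict(rejected_per_ip(by_ip, events)))
```
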

RazvanLiviuVarzaru force-pushed the fix/buildbot-scanner-rate-limit branch from 3db71cb to 7d56c49 on June 29, 2026 10:54
RazvanLiviuVarzaru changed the title from "Rate limit Buildbot by client IP" to "MDBF-1227: Rate limit Buildbot by client IP" on Jun 29, 2026

@fauust fauust left a comment

Collaborator

LGTM, but make sure to communicate with our DEVs about this change so that they can report any problem.

The tradeoff is that users behind the same NAT, VPN, or proxy still share one client-IP bucket.

This is probably OK but maybe you can quickly ask around at PLC if that's going to be a problem?

@RazvanLiviuVarzaru RazvanLiviuVarzaru merged commit ba4d812 into MariaDB:dev Jul 1, 2026
3 checks passed