Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rate-limit PPMS lookup to curb abuse (REDUX) #7673

Merged
merged 5 commits into from
Aug 18, 2021
Merged

rate-limit PPMS lookup to curb abuse (REDUX) #7673

merged 5 commits into from
Aug 18, 2021

Conversation

f1337
Copy link
Contributor

@f1337 f1337 commented Aug 17, 2021

In response to ongoing DOS activity against the Facility Locator remote Bing Maps lookup.

Please see https://github.com/department-of-veterans-affairs/va.gov-team-sensitive/blob/master/Postmortems/2021-08-16-facility-locator-possible-DOS.md for add'l details.

Now with remote_ip, because we're behind an ELB.

@f1337 @LindseySaari @thilton-oddball
rate-limit PPMS lookup to curb abuse
8642d6b 
Co-authored-by: Lindsey Hattamer <lindsey.hattamer@oddball.io>
Co-authored-by: Travis Hilton <travis.hilton@oddball.io>
@f1337 f1337 requested review from a team as code owners August 17, 2021 19:44
@f1337 f1337 force-pushed the f1337/2021-08-17-DOS-activity branch from c74b14e to 759ac3b Compare August 17, 2021 19:49
LindseySaari
LindseySaari previously approved these changes Aug 18, 2021
View reviewed changes
Copy link
Contributor

@LindseySaari LindseySaari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯 🙇‍♀️

@f1337 @LindseySaari @rileyanderson
test fixes for Facility Locator throttle
576b34d 
Co-authored-by: Lindsey Hattamer <lindsey.hattamer@oddball.io>
Co-authored-by: Riley Anderson <riley.anderson@oddball.io>
rileyanderson
rileyanderson previously approved these changes Aug 18, 2021
View reviewed changes
LindseySaari
LindseySaari reviewed Aug 18, 2021
View reviewed changes
spec/middleware/rack/attack_spec.rb Outdated
@@ -101,11 +101,11 @@ def app

before do
limit.times do
get endpoint, params: nil, session: headers
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BAD RUBOCOP 😠 👊

@LindseySaari LindseySaari merged commit 971e0b1 into master Aug 18, 2021
@LindseySaari LindseySaari deleted the f1337/2021-08-17-DOS-activity branch August 18, 2021 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LindseySaari LindseySaari LindseySaari left review comments

@rileyanderson rileyanderson rileyanderson approved these changes

Assignees
No one assigned
Labels
tools-be-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@f1337 @LindseySaari @rileyanderson @va-vfs-bot