This is an automated email from the ASF dual-hosted git repository. beto pushed a commit to branch fix_dos in repository https://gitbox.apache.org/repos/asf/superset.git
commit e9bba52cb5f7d0a8816138c97774bdafcd86886b
Author: Beto Dealmeida <[email protected]>
AuthorDate: Wed Aug 9 18:02:26 2023 -0700
Add some comments and change values
---
 superset/config.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/superset/config.py b/superset/config.py
index 18cbccfd05..0b70328e0b 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,11 +266,19 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi
 # Configuration for scheduling queries from SQL Lab.
 SCHEDULED_QUERIES: dict[str, Any] = {}
 
-# FAB Rate limiting
+# FAB Rate limiting: this is a security feature for preventing DDOS attacks. The
+# feature is on by default to make Superset secure by default, but you should
+# fine tune the limits to your needs. You can read more about the different
+# parameters here: https://flask-limiter.readthedocs.io/en/stable/configuration.html
 RATELIMIT_ENABLED = True
-AUTH_RATE_LIMITED = True
-AUTH_RATE_LIMIT = "2 per 5 second"
 RATELIMIT_APPLICATION = "50 per second"
+AUTH_RATE_LIMITED = True
+AUTH_RATE_LIMIT = "5 per second"
+# A storage location conforming to the scheme in storage-scheme. See the limits
+# library for allowed values: https://limits.readthedocs.io/en/stable/storage.html
+# RATELIMIT_STORAGE_URI = "redis://host:port"
+# A callable that returns the unique identity of the current request.
+# RATELIMIT_REQUEST_IDENTIFIER = flask.Request.endpoint
 
 # ------------------------------
 # GLOBALS FOR APP Builder
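Review bot: The new `AUTH_RATE_LIMIT = "5 per second"` permits 12.5 times as many attempts as the `"2 per 5 second"` it replaces, and the header comment presents the whole block only as DDoS protection. Nothing tells an operator that this value is the throttle on password guessing against the authentication views. I would keep the tighter value, or at least document the intent next to it, e.g. `# AUTH_RATE_LIMIT throttles the login views (password guessing); keep it well below RATELIMIT_APPLICATION.` The commented-out `RATELIMIT_STORAGE_URI` also needs one more sentence: when it is unset, Flask-Limiter keeps its counters in process memory, so each worker or instance counts separately and the effective limit grows with the number of workers. Something like `# Unset means per-process in-memory counters; use a shared backend (e.g. Redis) in multi-worker deployments.` would make that visible.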
