feat: Update rack attack IP limit (#7866)

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2025-10-30 02:32:29 +00:00 · 2023-09-06 18:56:42 +05:30
parent 52e49d5f9d
commit 5c74674c2b
2 changed files with 3 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@@ -199,6 +199,8 @@ ANDROID_SHA256_CERT_FINGERPRINT=AC:73:8E:DE:EB:56:EA:CC:10:87:02:A7:65:37:7B:38:
 ## Rack Attack configuration
 ## To prevent and throttle abusive requests
 # ENABLE_RACK_ATTACK=true
+# RACK_ATTACK_IP_LIMIT=3000
+# ENABLE_RACK_ATTACK_WIDGET_API=true

 ## Running chatwoot as an API only server
 ## setting this value to true will disable the frontend dashboard endpoints
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -46,7 +46,7 @@ class Rack::Attack
  #
  # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"

-  throttle('req/ip', limit: 300, period: 1.minute, &:ip)
+  throttle('req/ip', limit: ENV.fetch('RACK_ATTACK_LIMIT', 3000), period: 1.minute, &:ip)

  ###-----------------------------------------------###
  ###-----Authentication Related Throttling---------###