Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Codify new geo rate limits #11552

Merged
merged 1 commit into from
Feb 3, 2025
Merged

Codify new geo rate limits #11552

merged 1 commit into from
Feb 3, 2025
+41 −3

Conversation

kenoir
Copy link
Contributor

@kenoir kenoir commented Jan 31, 2025

What does this change?

This change codifies some new AWS WAF rules that codify new geo rate limits from requests originating in Brazil after seeing significant suspected bot traffic.

The rate limit blocks requests originating from Brazil if they exceed 500 requests per minute.

How to test

This change has been deployed in production for the last week to test impact in traffic.

See WAF results:
Screenshot 2025-01-31 at 15 31 47

See GA active users for the same period:
Screenshot 2025-01-31 at 15 35 24

We see no drop in reported active users although there is significant requests counted as blocked. This indicates sucessful reduction in bot traffic without impacting active users.

How can we measure success?

Reduced load, no outages.

Have we considered potential risks?

As the bot traffic does not advertise itself as such and attempts to use advanced WAF features to match this traffic have failed there is a risk we are degrading the experience for real users in the chosen regions during times of high bot traffic. Identifying that there is no significant impact to active users indicates this is not a widespread problem, mitigating risk.

@kenoir kenoir requested a review from a team as a code owner January 31, 2025 15:39
@kenoir kenoir self-assigned this Jan 31, 2025
@kenoir kenoir linked an issue Jan 31, 2025 that may be closed by this pull request
Widen geo-rate limit WAF rules for wellcomecollection.org wellcomecollection/platform#5897
Closed
@kenoir kenoir requested a review from a team February 3, 2025 08:32
rcantin-w
rcantin-w approved these changes Feb 3, 2025
View reviewed changes
Copy link
Contributor

@rcantin-w rcantin-w left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To confirm; this also blocks requests from Hong Kong and that's ok too?

@kenoir kenoir enabled auto-merge February 3, 2025 10:13
@kenoir kenoir merged commit 924ea4f into main Feb 3, 2025
4 checks passed
@kenoir kenoir deleted the rk/codify-new-geo-rate-limits branch February 3, 2025 10:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rcantin-w rcantin-w rcantin-w approved these changes

Assignees

@kenoir kenoir

Labels
None yet
Projects
Digital experience
Status: Ready for review
Digital platform
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Widen geo-rate limit WAF rules for wellcomecollection.org
2 participants
@kenoir @rcantin-w