Use rate limiting Redis for Rack::Attack
To control this, we use an environment variable. This is because Rack::Attack is configured in an initialiser, so a feature flag is of minimal value - it would still need a restart to take effect. We could rewrite the InstrumentedCacheStore to allow changing the store on a per-operation basis, but that adds more risk for what should be a quick migration. It would also add a feature flag check in a very hot code path (rate limiting checks happen multiple times on every request).
Showing
Please register or sign in to comment