Psono Documentation

# Throttle Rates

# Preamble

This guide will explain how to configure custom throttle rates for custom rate limits. Psono comes preconfigured with reasonable defaults that are chosen to be produce the least friction and false positive blocks, yet sometimes you may run into an Error 429 and may want to customize these rates.

TIP

Rates are "global" (if you use a central cache) or per process (controlled by the environment variable UWSGI_PROCESSES and defaults to 10)

# Rate Limit Settings

# Access without credentials

All access without credentials is controlled by this rate limit. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_ANON: '1440/day'

Restart the server afterward

# Login

All login requests are throttled by scope. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_ANON: '1440/day'

Restart the server afterward

All requests to access a link share are controlled by this rate limit. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_LINK_SHARE_SECRET: '60/hour'

Restart the server afterward

# Emergency Code and Recovery Code Access

All requests to use emergency codes and recovery codes is controlled by this rate limit. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_PASSWORD: '24/day'

Restart the server afterward

# All authenticated requests

All requests that are authenticated and not controlled by one of the other rate limits use this rate limit. This rate limit works on a 'per user' basis.

THROTTLE_RATE_USER: '86400/day'

Restart the server afterward

# All authenticated requests

All requests to the /healthcheck/ endpoint are controlled by this rate limit. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_HEALTH_CHECK: '61/hour'

Restart the server afterward

# All user status checks

All clients periodically ask the server for updates like new shares and so on. The client is calling the /user/status/ endpoint and this config controls the rate limit for this endpoint. This rate limit works on a 'per user' basis.

THROTTLE_RATE_STATUS_CHECK: '61/hour'

Restart the server afterward

# Google Authenticator

Whenever a user uses a google authenticator as second factor then this config will control the allowed rate limit. This rate limit works on a 'per user' basis.

THROTTLE_RATE_GA_VERIFY: '6/minute'

Restart the server afterward

# DUO

Whenever a user uses DUO as second factor then this config will control the allowed rate limit. This rate limit works on a 'per user' basis.

THROTTLE_RATE_DUO_VERIFY: '6/minute'

Restart the server afterward

# Yubikey

Whenever a user uses a Yubikey as second factor then this config will control the allowed rate limit. This rate limit works on a 'per user' basis.

THROTTLE_RATE_YUBIKEY_OTP_VERIFY: '6/minute'

Restart the server afterward

# Registration

Whenever a user registers then this config will control the allowed rate limit. This rate limit works on a 'per IP' basis.

THROTTLE_RATE_REGISTRATION: '6/minute'

Restart the server afterward

# User deletion

Whenever a user wants to delete his account he needs to provide his password. This rate limit will protect against bruteforce attacks. This rate limit works on a 'per user' basis.

THROTTLE_RATE_USER_DELETE: '6/minute'

Restart the server afterward

# User update

Whenever a user wants to update his password or email address he needs to provide his (old) password. This rate limit will protect against bruteforce attacks. This rate limit works on a 'per user' basis.

THROTTLE_RATE_USER_UPDATE: '6/minute'

Restart the server afterward

# Fileserver Alive

The fileserver is periodically announcing it being alive and this setting controls how often a single ip can call the appropriate endpoint. This rate limit works on a 'per ip' basis.

THROTTLE_RATE_FILESERVER_ALIVE: '6/minute'

Restart the server afterward

# Fileserver Upload

Whenever a user is uploading something to the fileserver, the fileserver will relay the request to the server. This rate limit controls how often such a request can be handled. This rate limit works on a 'per fileserver' basis.

THROTTLE_RATE_FILESERVER_UPLOAD: '10000/minute'

Restart the server afterward

# Fileserver Download

Whenever a user is downloading something from the fileserver, the fileserver will relay the request to the server. This rate limit controls how often such a request can be handled. This rate limit works on a 'per fileserver' basis.

THROTTLE_RATE_RATE_FILESERVER_DOWNLOAD: '10000/minute'

Restart the server afterward

1a. Update Psono CE