api_zone ratelimit in more places

osuAkatsuki · Oct 29, 2023 · e8af86e · e8af86e
1 parent 8c58c89
commit e8af86e
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/sites-enabled/frontend.conf b/sites-enabled/frontend.conf
@@ -6,6 +6,9 @@ server {
 
     # Akatsuki cheater panel API
     location /ac/ {
+        limit_req zone=api_zone burst=10 nodelay;
+        limit_req_status 429;
+
         proxy_set_header X-Real-IP $http_CF_Connecting_IP;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
@@ -15,6 +18,9 @@ server {
 
     # Pinned scores API
     location /api/v1/pinned/ {
+        limit_req zone=api_zone burst=10 nodelay;
+        limit_req_status 429;
+
         proxy_set_header X-Real-IP $http_CF_Connecting_IP;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
@@ -41,6 +47,9 @@ server {
 
     # Redirect downloads to the score sserver
     location /d/ {
+        limit_req zone=api_zone burst=10 nodelay;
+        limit_req_status 429;
+
         proxy_set_header X-Real-IP $http_CF_Connecting_IP;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
@@ -50,6 +59,9 @@ server {
 
     # /web/replays for replay downloads (hanayo)
     location ~ ^/(?:web/replays|d)/\d+$ {
+        limit_req zone=api_zone burst=10 nodelay;
+        limit_req_status 429;
+
         proxy_set_header X-Real-IP $http_CF_Connecting_IP;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
@@ -65,9 +77,7 @@ server {
     # Redirect /api/ to akatsuki-api
     location /api/ {
         limit_req zone=api_zone burst=10 nodelay;
-        #limit_req_log_level warn;
         limit_req_status 429;
-        #limit_req_dry_run on;
 
         add_header 'Access-Control-Allow-Origin' '*' always;
         add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
@@ -84,6 +94,9 @@ server {
     }
 
     location /api/v1/profile-history {
+        limit_req zone=api_zone burst=10 nodelay;
+        limit_req_status 429;
+
         add_header 'Access-Control-Allow-Origin' '*';
         add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
         add_header 'Access-Control-Allow-Headers' 'X-Ripple-Token';