Skip to content

[RateLimiter] Closes #15034 adds information about the lock being nullable #15363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 21, 2021
Merged

[RateLimiter] Closes #15034 adds information about the lock being nullable #15363

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 20 additions & 2 deletions rate_limiter.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -442,9 +442,9 @@ simultaneous requests (e.g. three servers of a company hitting your API at the
same time). Rate limiters use :doc:`locks </lock>` to protect their operations
against these race conditions.

By default, Symfony uses the global lock configured by ``framework.lock``), but
By default, Symfony uses the global lock configured by ``framework.lock``, but
you can use a specific :ref:`named lock <lock-named-locks>` via the
``lock_factory`` option:
``lock_factory`` option (or none at all):

.. configuration-block::

Expand All @@ -459,6 +459,9 @@ you can use a specific :ref:`named lock <lock-named-locks>` via the
# use the "lock.rate_limiter.factory" for this limiter
lock_factory: 'lock.rate_limiter.factory'

# or don't use any lock mechanism
lock_factory: null

.. code-block:: xml

<!-- config/packages/rate_limiter.xml -->
Expand All @@ -481,6 +484,14 @@ you can use a specific :ref:`named lock <lock-named-locks>` via the
lock-factory="lock.rate_limiter.factory"
/>

<!-- limiter-factory: or don't use any lock mechanism -->
<framework:limiter name="anonymous_api"
policy="fixed_window"
limit="100"
interval="60 minutes"
lock-factory="null"
/>

<!-- ... -->
</framework:rate-limiter>
</framework:config>
Expand All @@ -498,9 +509,16 @@ you can use a specific :ref:`named lock <lock-named-locks>` via the

// use the "lock.rate_limiter.factory" for this limiter
->lockFactory('lock.rate_limiter.factory')

// or don't use any lock mechanism
->lockFactory(null)
;
};

.. versionadded:: 5.3

The login throttling doesn't use any lock since Symfony 5.3 to avoid extra load.

.. _`DoS attacks`: https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html
.. _`Apache mod_ratelimit`: https://httpd.apache.org/docs/current/mod/mod_ratelimit.html
.. _`NGINX rate limiting`: https://www.nginx.com/blog/rate-limiting-nginx/
Expand Down