feat(security): add Traefik rate limit middleware labels
Coarse edge defense: 120 req/min average, burst 30, applied to both rspace-main and rspace-canvas routers. Layer 1 flood cap before Hono-level per-IP tiered limiting. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
e78b768f04
commit
10e70ba132
|
|
@ -169,6 +169,12 @@ services:
|
|||
- "traefik.http.routers.rspace-rsocials.entrypoints=web"
|
||||
- "traefik.http.routers.rspace-rsocials.priority=120"
|
||||
- "traefik.http.routers.rspace-rsocials.service=rspace-online"
|
||||
# Rate limiting middleware (coarse edge defense — token bucket per source)
|
||||
- "traefik.http.middlewares.rspace-ratelimit.ratelimit.average=120"
|
||||
- "traefik.http.middlewares.rspace-ratelimit.ratelimit.burst=30"
|
||||
- "traefik.http.middlewares.rspace-ratelimit.ratelimit.period=1m"
|
||||
- "traefik.http.routers.rspace-main.middlewares=rspace-ratelimit"
|
||||
- "traefik.http.routers.rspace-canvas.middlewares=rspace-ratelimit"
|
||||
# Service configuration
|
||||
- "traefik.http.services.rspace-online.loadbalancer.server.port=3000"
|
||||
- "traefik.docker.network=traefik-public"
|
||||
|
|
|
|||
Loading…
Reference in New Issue