From 10e70ba1326f8b3860e50a2eeb8e9191511d3211 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Mon, 13 Apr 2026 13:31:06 -0400
Subject: [PATCH] feat(security): add Traefik rate limit middleware labels

Coarse edge defense: 120 req/min average, burst 30, applied to both rspace-main and rspace-canvas routers. Layer 1 flood cap before Hono-level per-IP tiered limiting.

Co-Authored-By: Claude Opus 4.6
---
 docker-compose.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 388cc1da..2618d540 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -169,6 +169,12 @@ services:
 - "traefik.http.routers.rspace-rsocials.entrypoints=web"
 - "traefik.http.routers.rspace-rsocials.priority=120"
 - "traefik.http.routers.rspace-rsocials.service=rspace-online"
+ # Rate limiting middleware (coarse edge defense — token bucket per source)
+ - "traefik.http.middlewares.rspace-ratelimit.ratelimit.average=120"
+ - "traefik.http.middlewares.rspace-ratelimit.ratelimit.burst=30"
+ - "traefik.http.middlewares.rspace-ratelimit.ratelimit.period=1m"
+ - "traefik.http.routers.rspace-main.middlewares=rspace-ratelimit"
+ - "traefik.http.routers.rspace-canvas.middlewares=rspace-ratelimit"
 # Service configuration
 - "traefik.http.services.rspace-online.loadbalancer.server.port=3000"
 - "traefik.docker.network=traefik-public"
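Review bot: The limiter is attached only to `rspace-main` and `rspace-canvas`, while the `rspace-rsocials` router in the context lines just above targets the same `rspace-online` service and gets no `middlewares` label, so traffic through that router (and any other router defined outside this hunk) is not covered by the edge cap. If the cap is meant to protect the whole service, add `- "traefik.http.routers.rspace-rsocials.middlewares=rspace-ratelimit"` for each such router, or attach the middleware at the entrypoint instead. Separately, no `sourcecriterion` is set, so Traefik groups requests by the connection's remote address; if Traefik sits behind a tunnel, CDN or another proxy (not visible here), every client shares one bucket and 120 req/min becomes a global limit. In that case set `ratelimit.sourcecriterion.ipstrategy.depth` to the number of trusted hops rather than keying on a client-supplied header. Also confirm that neither router already has a `middlewares` label elsewhere in the file, because a second label with the same key would not extend the existing chain.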