Posted to commits@superset.apache.org by be...@apache.org on 2023/08/10 01:04:43 UTC
[superset] 03/03: Add some comments and change values
This is an automated email from the ASF dual-hosted git repository.
beto pushed a commit to branch fix_dos
in repository https://gitbox.apache.org/repos/asf/superset.git
commit ad89b839f5ebc638fe9a32e384b5ce5c40c8c100
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Wed Aug 9 18:02:26 2023 -0700
Add some comments and change values
---
superset/config.py | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/superset/config.py b/superset/config.py
index 18cbccfd05..0b70328e0b 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -266,11 +266,19 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi
# Configuration for scheduling queries from SQL Lab.
SCHEDULED_QUERIES: dict[str, Any] = {}
-# FAB Rate limiting
+# FAB Rate limiting: this is a security feature for preventing DDOS attacks. The
+# feature is on by default to make Superset secure by default, but you should
+# fine tune the limits to your needs. You can read more about the different
+# parameters here: https://flask-limiter.readthedocs.io/en/stable/configuration.html
RATELIMIT_ENABLED = True
-AUTH_RATE_LIMITED = True
-AUTH_RATE_LIMIT = "2 per 5 second"
RATELIMIT_APPLICATION = "50 per second"
+AUTH_RATE_LIMITED = True
+AUTH_RATE_LIMIT = "5 per second"
+# A storage location conforming to the scheme in storage-scheme. See the limits
+# library for allowed values: https://limits.readthedocs.io/en/stable/storage.html
+# RATELIMIT_STORAGE_URI = "redis://host:port"
+# A callable that returns the unique identity of the current request.
+# RATELIMIT_REQUEST_IDENTIFIER = flask.Request.endpoint
# ------------------------------
# GLOBALS FOR APP Builder
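Review bot: The commented-out `RATELIMIT_STORAGE_URI` leaves Flask-Limiter on its default in-memory storage, and the new comment block never says what that implies: counters live per process, so a deployment with several workers enforces roughly worker-count times the stated limits and loses them on restart. I would add above that line something like `# Without a shared backend (e.g. Redis) counters are kept per worker process, so the effective limits scale with the number of workers.` Separately, `AUTH_RATE_LIMIT` goes from `2 per 5 second` to `5 per second`, about twelve times more login attempts per key, which is generous for an endpoint whose main risk is password guessing rather than load. A one-line comment giving the reason for that value and telling operators to tighten it for internet-facing installs would help. The header comment also presents the feature as DDoS prevention, whereas limits of this kind mainly slow brute force and abuse from a single source, so wording such as `# FAB Rate limiting: caps request and login rates to slow brute-force and abusive clients.` would set more accurate expectations.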