Jump to content

External request limits

From Wikitech
Diagram showing three tiers of rate limiting that an incomping request may have to pass through: the edge rate limits, API rate limits, and MediaWiki rate limits.
Rate limiting tiers

External requests to MediaWiki an other services are subject to rate limiting. Several kinds of limits serving different purposes are applied in different places. This page provides an overview of the different limits and their properties:

Edge Rate Limits are enforced by HAProxy; they are intended to provide the first layer of defense. These limits apply to all endpoints, across all sites and services.They are generally very permissive and intended to protect against the infrastructure against attacks.

API Rate Limits are enforced by the API Gateway (and soon also the REST Gateway); they are intended to ensure fair allocation of resources among clients. They are implemented in a way that takes into account the client's identity and level of access. They apply across sites and services, but only to API endpoints.

MediaWiki Rate Limits are enforced by the MediaWiki application itself; they are intended to limit the rate at which users can perform certain operations on wikis. They protect the community from being overwhelmed by vandals and other bad actors, e.g. by limiting the number of edits users can make per minute. See the $wgRateLimits configuration setting for details.

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=External_request_limits&oldid=2370909"