External request limits

External requests to MediaWiki and other services are subject to rate limiting to protect Wikimedia infrastructure from overloading and to ensure fair access to resources for all clients. Several kinds of limits serving different purposes are applied in different places. This page provides an overview of the different limits and their properties:
Edge Rate Limits are our first layer of defense against abuse. They are implemented in HAProxy to enforce the robot policy and to defend against DDoS attacks and aggressive web scrapers. These limits apply to all kinds of requests and are generally very permissive, but can be used to respond to incidents quickly and precisely via requestctl.
API Rate Limits are enforced by the API Gateway and the REST Gateway. They are intended to ensure fair allocation of resources among clients and are implemented in a way that takes into account the client's identity and level of access. They apply across sites and services, but only to API endpoints. See Wikimedia APIs/Rate limits on mediawiki.org for user-facing documentation.
MediaWiki Rate Limits are enforced by the MediaWiki application itself. They are intended to limit the rate at which users can perform certain operations on wikis. They protect the community from being overwhelmed by vandals and other bad actors, e.g. by limiting the number of edits users can make per minute. The production limits are set in wmf-config/InitialiseSettings.php; see $wgRateLimits for documentation.
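
To illustrate the per-minute edit limits described for MediaWiki Rate Limits, the following added example (not MediaWiki's or Wikimedia's own code) replays constructed edit events against a table shaped like $wgRateLimits, mapping each action and bucket to a count and a period in seconds. The limit values, the fixed-window counting, the rule for which bucket applies to which client, and all names are assumptions made for the illustration.

```python
# Constructed limits in the $wgRateLimits shape: action -> bucket -> (count, seconds).
# Illustrative values only, not the production settings.
RATE_LIMITS = {
    "edit": {
        "ip": (8, 60),     # per IP address; this model applies it to anonymous clients
        "user": (90, 60),  # per logged-in account
    },
}


class FixedWindowLimiter:
    """Simplified fixed-window counter (an assumption, not MediaWiki's own code)."""

    def __init__(self, limits):
        self.limits = limits
        self.counters = {}  # (action, bucket, identity) -> (window_start, count)

    def _applicable(self, action, user, ip):
        buckets = self.limits.get(action, {})
        if user is None and "ip" in buckets:
            yield (action, "ip", ip), buckets["ip"]
        if user is not None and "user" in buckets:
            yield (action, "user", user), buckets["user"]

    def allow(self, action, user, ip, now):
        """Return True and count the hit if every applicable limit has room."""
        pending = []
        for key, (max_count, period) in self._applicable(action, user, ip):
            start, count = self.counters.get(key, (now, 0))
            if now - start >= period:  # window expired: start a fresh one
                start, count = now, 0
            if count >= max_count:
                return False  # over the limit: reject without counting
            pending.append((key, start, count + 1))
        for key, start, count in pending:
            self.counters[key] = (start, count)
        return True


def replay(events, limits=RATE_LIMITS):
    """Run (timestamp, action, user_or_None, ip) events through a fresh limiter."""
    limiter = FixedWindowLimiter(limits)
    return [limiter.allow(action, user, ip, t) for t, action, user, ip in events]


# Constructed traffic: one anonymous client and one logged-in account (hypothetical names).
ANON_BURST = [(t, "edit", None, "192.0.2.10") for t in range(10)]
ANON_BURST.append((61, "edit", None, "192.0.2.10"))
USER_BURST = [(t, "edit", "ExampleUser", "192.0.2.10") for t in range(10)]
```

Replaying ANON_BURST shows the ninth and tenth edits within the same minute being rejected and the edit at second 61 being accepted again, while the same burst from the logged-in account stays under its higher limit.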