security icon indicating copy to clipboard operation
security copied to clipboard
verified publisher icon opensearch-project

[FEATURE] Extend rate limiter concept to beyond just auth failure

Open derek-ho opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? The concept of rate limiting shouldn't be limited only to login failures, it should also be able to be configured for any type of requests (success or failure).
What solution would you like? A way to configure rate limiting for successful requests as well (failure existing today). What alternatives have you considered? None Do you have any additional context? No

derek-ho avatar Aug 16 '24 13:08 derek-ho

[Triage] Hi @derek-ho, thanks for filing this issue. @reta to follow up with some more comments on this topic. Going to leave without the triaged label for the time being.

stephen-crawford avatar Aug 19 '24 15:08 stephen-crawford

I think we have to decide if this is an infrastructure concern (API gateway, mesh, ...) or is is necessary feature of the OpenSearch cluster? I believe rate limiting is somewhat solved problem in 99% of the deployments out there and not something OpenSearch has to (re)implement.

reta avatar Aug 19 '24 15:08 reta

@derek-ho Would you like open and RFC? Or can we mark this issue as non-actionable and close it?

DarshitChanpura avatar Feb 17 '25 16:02 DarshitChanpura