matrix-media-repo
matrix-media-repo copied to clipboard
Prevent repeated requests to the same media file by the same requester
While in theory I suppose a sensible cache would help with this, in practise the media repo doesn't cope very well with repeatedly requesting the same media file, and it might be a smart idea to sensibly limit the number of times a given IP can request the same media over and over.
We've seen cases where the same media is requested within a few hundred millseconds, and any reasonable browser / client should be caching those requests and not hitting the server each time.
err, lower the rate limits?
But it's valid to request a lot of different media? Assuming rate limits apply to the endpoint, not endpoint+mediaId?
sure, but it's questionable if this needs an application level block or if it should be at a higher network layer. The application is already serving from cache (or is supposed to be), so should already be performing at maximum capability. A reverse proxy or alternative caching layer might want to de-dupe the requests or limit requests more severely.