Add documentation for API rate limiting #4287

Merged (13 commits), Jun 13, 2023
31 changes: 31 additions & 0 deletions _security/configuration/configuration.md
@@ -139,6 +139,37 @@ If `challenge` is set to `true`, the Security plugin sends a response with statu
If `challenge` is set to `false` and no `Authorization` header field is set, the Security plugin does not send a `WWW-Authenticate` response back to the client, and authentication fails. You might want to use this setting if you have another challenge `http_authenticator` in your configured authentication domains. One such scenario is when you plan to use basic authentication and OpenID Connect together.


## Rate limiting

| Setting | Description |
| :--- | :--- |
| `opensearch_security.ui.openid.login.buttonname` | Display name for the login button. "Log in with single sign-on" by default. |
Member

Is this change part of this PR?

Contributor Author (@cwillum, Jun 8, 2023)

@DarshitChanpura Just in a draft state right now. I'll keep you posted. (And the answer is no. Just getting a table in there.)

Contributor Author

@DarshitChanpura I believe this is all set. When you get a chance, could you have a last look? Thanks for all the help with this.

```yml
auth_failure_listeners:
internal_authentication_backend_limiting:
type: username
authentication_backend: intern
allowed_tries: 3
time_window_seconds: 60
block_expiry_seconds: 60
max_blocked_clients: 100000
max_tracked_clients: 100000
```

```yml
auth_failure_listeners:
ip_rate_limiting:
type: ip
allowed_tries: 1
time_window_seconds: 20
block_expiry_seconds: 180
max_blocked_clients: 100000
max_tracked_clients: 100000
```


## Backend configuration examples

The default `config/opensearch-security/config.yml` file included in your OpenSearch distribution contains many configuration examples. Use these examples as a starting point and customize them to your needs.
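Review bot: Under the new `## Rate limiting` heading, the table's only row documents `opensearch_security.ui.openid.login.buttonname`, a Dashboards OpenID Connect login-button setting that has nothing to do with rate limiting; either drop the row or replace it with rows for the keys the two `auth_failure_listeners` snippets actually use (`type`, `authentication_backend`, `allowed_tries`, `time_window_seconds`, `block_expiry_seconds`, `max_blocked_clients`, `max_tracked_clients`). The snippets also arrive with no prose: nothing says what `type: username` and `type: ip` key the failure count on, what `authentication_backend: intern` refers to, or which parent key in `config.yml` `auth_failure_listeners` must be nested under, so a reader cannot place them in the file. Finally, the IP example's `allowed_tries: 1`, `time_window_seconds: 20`, `block_expiry_seconds: 180` blocks a source address for three minutes after a single failed login; if that is meant as a deliberately strict example, say so and add a caveat that clients sharing an address behind a NAT or proxy are blocked together, otherwise choose a less aggressive value.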