Disable per-user rate limiting by default

The rate limiting enabled via api_rate_limit, is per user rate limiting which does not protect against intentional DOS, instead DOS rate limiting should be elsewhere. Furthermore useful values for this are very deployment specific. * Private deployments simply don't need it. * Public deployments need something more sophisticated (queue depth based, not static values). * Folks that do want it as belt-and-braces want semi-decent defaults but there is no need to default it on. Part of more sane defaults effort. DocImpact Change-Id: I5451f6f90a6448c838612f180f0af750213a62bf
2013-06-27 16:03:01 -07:00 · 2013-06-27 16:03:01 -07:00 · cfdc59860e
commit cfdc59860e
parent 1b62c4386d
2 changed files with 2 additions and 2 deletions
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@ -313,7 +313,7 @@

 # whether to use per-user rate limiting for the api. (boolean
 # value)
-#api_rate_limit=true
+#api_rate_limit=false

 # The strategy to use for auth: noauth or keystone. (string
 # value)
--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@ -30,7 +30,7 @@ from nova import wsgi

 auth_opts = [
    cfg.BoolOpt('api_rate_limit',
-                default=True,
+                default=False,
                help='whether to use per-user rate limiting for the api.'),
    cfg.StrOpt('auth_strategy',
               default='noauth',