With per-domain rate-limiting, we can strengthen protections by:
Configuring higher limits for well-known targets like github.com and lower limits for unknown domains
(There was another item to add above, but I was interrupted before typing it and unfortunately lost it. Hopefully, it comes back, because it felt like a good one.)
Ideally, this measure will complement existing measures that limit total requests per IP in a given timeframe.
With per-domain rate-limiting, we can strengthen protections by:
(There was another item to add above, but I was interrupted before typing it and unfortunately lost it. Hopefully, it comes back, because it felt like a good one.)
Ideally, this measure will complement existing measures that limit total requests per IP in a given timeframe.