jvilhuber
commented
4 years ago Some links: https://github.com/stefanprodan/AspNetCoreRateLimit/wiki/IpRateLimitMiddleware#setup https://www.nginx.com/blog/rate-limiting-nginx/ https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#limit-rate https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus https://github.com/stefanprodan/WebApiThrottle
Specific focus on auth-stuff (logins, password reset, etc). But we should rate limit all (probably in the kube ingress. Verify the existing 20requests/second config we currently have)