Rate Limiting on NMS - magma/magma GitHub Wiki

In the PR https://github.com/magma/magma/pull/15380, Magma gained rate limiting on NMS.

By default, after 100 requests within 15 minutes from a given IP, the endpoint returns a 429 (Too Many Requests) error code for the offending IP; other endpoints still work as expected.

Rate limited endpoints are as follows:

  • /user/login
  • /user/logout
  • /login/oidc/callback
  • /user/login/oidc/callback

The default rate limit is set in /magma/nms/config/config.ts in the RATE_LIMIT_CONFIG variable.

You can override the default values with these environment variables:

RATE_LIMIT_WINDOW=900000
RATE_LIMIT_COUNT=100

Implementation overview

The rate limiting is implemented as a simple middleware returning a 429 response early if the request count limit is reached for a given time window.

To understand the code in depth see https://github.com/magma/magma/pull/15380/files
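The behaviour described on this page, sketched as an added example (not the code from the PR and not Magma's implementation): a fixed-window, per-IP counter with an Express-style middleware signature that returns 429 early on the listed endpoints only. Assumptions: `RATE_LIMIT_WINDOW` is in milliseconds, one counter per IP is shared by the four endpoints, and `loadConfig`, `createRateLimiter` and `LIMITED_PATHS` are hypothetical names.

```typescript
// Added example, not Magma's code. Express-style (req, res, next) shapes are
// declared locally so the block runs without any dependency.
interface Req { ip: string; path: string }
interface Res { status(code: number): Res; send(body: string): void }
interface RateLimitConfig { windowMs: number; limit: number }

// Endpoints the page lists as rate limited.
const LIMITED_PATHS = new Set<string>([
  '/user/login', '/user/logout',
  '/login/oidc/callback', '/user/login/oidc/callback',
]);

// Page defaults: 100 requests per 15 minutes. Assumption: RATE_LIMIT_WINDOW
// is in milliseconds (900000 ms = 15 min).
const DEFAULTS: RateLimitConfig = { windowMs: 900000, limit: 100 };

// Missing, non-numeric, zero or negative overrides fall back to the default,
// so a typo in the environment cannot silently disable the limit.
function loadConfig(env: Record<string, string | undefined>): RateLimitConfig {
  const parse = (raw: string | undefined, fallback: number): number => {
    const n = Number(raw);
    return raw !== undefined && Number.isInteger(n) && n > 0 ? n : fallback;
  };
  return {
    windowMs: parse(env.RATE_LIMIT_WINDOW, DEFAULTS.windowMs),
    limit: parse(env.RATE_LIMIT_COUNT, DEFAULTS.limit),
  };
}

// Fixed-window counter keyed by client IP (hypothetical helper). Expired
// entries are only replaced when the same IP returns; a long-running service
// would also evict them to bound memory.
function createRateLimiter(cfg: RateLimitConfig, now: () => number = Date.now) {
  const hits = new Map<string, { count: number; resetAt: number }>();
  return (req: Req, res: Res, next: () => void): void => {
    if (!LIMITED_PATHS.has(req.path)) { next(); return; }
    const t = now();
    let entry = hits.get(req.ip);
    if (entry === undefined || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + cfg.windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > cfg.limit) {
      res.status(429).send('Too Many Requests'); // early return, handler never runs
      return;
    }
    next();
  };
}
```

Keying on the client IP only works if the address the application sees is the real client address; behind a reverse proxy or load balancer, all users can end up sharing one address and one counter.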