[pbs-devel] [PATCH proxmox{, -backup} v5 0/6] add user specific rate-limits
Christian Ebner
c.ebner at proxmox.com
Fri Nov 21 17:32:48 CET 2025
On 11/21/25 2:50 PM, Hannes Laimer wrote:
> When a connection is accepted we create a shared tag handle for its
> rate-limited stream. The REST layer clears that handle before every
> request. Once a request authenticates successfully, we push a
> User(...) tag with the auth ID. Failed or unauthenticated requests
> leave the tag list empty. RateLimitedStream watches that handle and
> forces an immediate limiter refresh whenever the tag set changes so
> user-specific throttles take effect right away.
>
> Currently rules with a user specified take priority over others. So:
> user > IP only > neither, in case two rules match.
>
> If users and networks are specified, the rule only applies if both
> match. So, any of the specified user connect from any of the specified
> network.
>
> And all of this ofc still only if the given timeframe matches.
>
> I did also test this with a basic nginx reverse proxy configured with
> `keepalive 32`, I didn't run into problems using this setup.
Gave version 5 of the patches another spin. Changes are nice, adding the
dirty flag and forcing updates based on that is definitely better than
comparing and cloning the tags.
User specific rate limits are still applied, also when going through the
HAProxy setup I already tested with last time.
Reviewed-by: Christian Ebner <c.ebner at proxmox.com>
Tested-by: Christian Ebner <c.ebner at proxmox.com>
More information about the pbs-devel
mailing list