MoinMoin: FeatureRequests/SurgeProtectionFor1.7

Exempt Trusted Logged In Users From Surge Protection (try 2)

Telling a known user (who is obviously not a bot) to slow down is very annoying to the user.

Moin 1.7 allows one or more auth methods to be listed in the auth_methods_trusted configuration variable. If a user has logged in via a trusted authentication method, he should not be subjected to surge protection.

The patch below can be applied to request/__init__.py.

@@ -264,6 +264,8 @@
             return False
 
         validuser = self.user.valid
+        if validuser and self.user.auth_method in self.cfg.auth_methods_trusted: # is this a trusted user?
+            return False        # do not subject trusted users to surge protection
         current_id = validuser and self.user.name or self.remote_addr
         if not validuser and current_id.startswith('127.'): # localnet
             return False

This looks OK, but it should get moved to the end of the surge protection code and at least something like logging.info("Trusted user %s would have triggered surge protection if not trusted." % self.user.name) should be done, so you at least can find the culprit in the logs if some of your "trusted" users is using up too much ressources.

Can you please update your patch and test it against 1.7 tip (or rc3)?

BTW, I thought about adding a group check as for the textchas, but I reverted it again, because it would require loading the group dicts for every request (while the textcha stuff only does it for saves).

-- ThomasWaldmann 2008-06-16 19:21:47

I think this is closer to what you want, the patch is for 1.7rc3:

@@ -330,7 +330,10 @@
             cache.update(data)
         except StandardError:
             pass
-
+            
+        if surge_detected and validuser and self.user.auth_method in self.cfg.auth_methods_trusted: 
+            logging.info("Trusted user %s would have triggered surge protection if not trusted." % self.user.name)
+            return False        # do not subject trusted users to surge protection
         return surge_detected
 
     def getDicts(self):

So far is testing is concerned, I can trigger surge protection without the patch and suppress surge protection with the patch applied. Thus far, I have not been able to see the logging message in any logs -- by setting loglevel=DEBUG hundreds of DEBUG messages are generated by Search and Formatter, but nothing for Request -- RogerHaase 2008-06-17 14:23:33

• I tried with the wikiserver.py and it logs to stderr for me. You maybe have to configure logging if stderr is no good for your server method. -- ThomasWaldmann 2008-06-17 16:42:41

CategoryFeatureImplemented