admiralpatrick

@admiralpatrick@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

Ask me anything!

This is my mod account on LemmyWorld. My main user is @ptz@dubvee.org

⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
If you have DB access, the values are in the local_site_rate_limit table. You’ll probably have to restart Lemmy’s API container to pick up any changes if you edit the values in the DB.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
One of these days your mom’s gonna stop paying for your Mullvad subscription. Whaddya gonna do then?
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Awesome! Win-win.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
“Message” bucket is kind of a general purpose bucket that covers a lot of different endpoints. I had to ask the lemmy devs what they were back when I was adding a config section in Tesseract for the rate limits.

These may be a little out of date, but I believe they’re still largely correct:

Image
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
That’s a consideration, yeah, but they’d have to all be hitting lemmy.zip (your instance) and all from the same /32 IPv4 address.

(AFAIK) CG-NAT still uses port address translation so there’s an upper limit to the number of users behind one IP address. They also are distributed geographically. So everyone would need to be in the same area on the same instance to really have that be an issue.

The more likely scenario would be multiple people in the same household using the same instance. But 20 comments per minute, divided by two people in the house would still be 10 comments per minute. That’s still probably more than they could reasonably do.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
nginx.org/en/docs/…/ngx_http_proxy_module.html

$proxy_add_x_forwarded_for is a built-in variable that either adds to the existing X-Forwarded-For header, if present, or adds the XFF header with the value of the built-in $remote_ip variable.

The former case would be when Nginx is behind another reverse proxy, and the latter case when Nginx is exposed directly to the client.

Assuming this Nginx is exposed directly to the clients, maybe try changing the bottom section like this to use the $remote_addr value for the XFF header. The commented one is just to make rolling back easier. Nginx will need to be reloaded after making the change, naturally.
```
     # Add IP forwarding headers
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-For $remote_addr;
```
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Yeah, you are setting it, but that’s assuming the variable $proxy_add_x_forwarded_for has the correct IP. But the config itself is correct.

Do you have a separate location block for /api by chance, and is the proxy_set_header directive set there, too? Unless I’m mistaken, location blocks don’t inherit that from the / location.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I replied to your other comment, but most likely cause is the API server not getting the correct client IP. If that’s not setup correctly, then it will think every request is from the reverse proxy’s IP and trigger the limit.

Unless they’re broken again. Rate limiting seems to break every few releases, but my instance was on 0.19.12 before I shut it down, and those values worked.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Not sure. I had mine set to 20 per 60 for a long time without issue.

Most likely cause would be the Lemmy API service not getting the correct client IP and seeing all API requests come from the reverse proxy’s IP.

Are you sending the client IP in the X-Forwarded-For header? Depending on how your inbound requests are routed, you may have to do that for every reverse proxy in the path.
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

So, a ‘Comments’ Rate limit: 10, Per second: 60, means a maximum of 10 comments per minute, correct?

Correct, per client IP.

Maybe the reason you see 99999999 is due to troubleshooting

Could be. I try not to speculate on “why” when I don’t have access to the answer lol.

I don’t recall any of them being from mander (unless they were dealt with before I started testing?), but thanks for taking preventative measures :)
⁨Comment⁩ on ⁨[PSA] Watch for the antiyanks troll and consider adjusting your rate limits⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
You’ll have to talk to the lemmy devs about that. I’m a retired admin, but last I was aware, they’re based on client IP.
[PSA] Watch for the antiyanks troll and consider adjusting your rate limits
Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ to ⁨fediverse@lemmy.world⁩ | ⁨80⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Is there a lemmy app that you can group communities in a feed?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Lemmy’s API doesn’t have a direct way to do that, unfortunately.

Tesseract (web-based lemmy app) used to have that before I took it out. After the ranking metrics were removed from the API, it was hard to sort them other than by new/old or by score. When you have a mix of active and inactive communities, it didn’t work great without the ranking metrics being there.

You can still group communities, but only for organizing them or (in the dev branch/next version) applying filter policies to communities in that group.

I may revisit the idea if I can figure out a better way to generate the custom feeds.
⁨Comment⁩ on ⁨Fediverse Report – #128 - this week's fediverse news⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Oh, I was just jokingly salty that there were two articles covering fediverse clients and felt snubbed it didn’t get so much as a mention in either. Again, jokingly salty, and not actually upset lol.
⁨Comment⁩ on ⁨Fediverse Report – #128 - this week's fediverse news⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Tesseract, a Lemmy UI that’s existed for over two years: codeberg.org/tesseract-ui/tesseract
- tesseract.dubvee.org
- t.lemmy.world
⁨Comment⁩ on ⁨Fediverse Report – #128 - this week's fediverse news⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:

A follow-up to last week’s overview of fediverse clients, with some more interesting clients to pay attention to

Image
⁨Comment⁩ on ⁨are we federating with dot world? how to check federation status?⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
I can see this post from .world. Federation looks to be pretty close to in-sync (those activities behind values are only estimates since not necessarily all of those would be bound for lemm.ee). In my experience, “activities behind” value from .world less than 500 is as pretty close to fully in sync as you can really get (sometimes it drops lower, but average for me is 200-500).

Image