
api/graph: Implement anti-DoS policies for graph visits

In order to allow public access to the graph API, we need to prevent users from DoSing the graph service with resource-intensive queries.

Fortunately, the graph API supports a max_edges parameter to limit the number of edges traversed by the graph.

According to the type of user querying the graph service through the Web API proxy, a maximum value for the max_edges will be set before sending a request to the graph API.

Three types of users are considered: anonymous, standard and staff. The maximum values for the max_edges query parameter according to user type are retrieved from the webapp configuration.
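The following is an added, self-contained illustration of the proxy-side cap described above; it is not swh-web's own code. The configuration dictionary, its values, the user type classification and the handling of missing, malformed or non-positive values are assumptions made for the example.

```python
# Hypothetical illustration of a per-user-type cap on the graph API's
# max_edges parameter, applied by the Web API proxy before forwarding.
# Not swh-web's implementation; config keys and values are constructed.

# Constructed stand-in for the webapp configuration: the largest value of
# max_edges the proxy will forward for each type of user.
GRAPH_MAX_EDGES_CONFIG = {
    "anonymous": 1000,
    "standard": 100000,
    "staff": 10000000,
}


def user_type(is_authenticated, is_staff):
    """Classify the requester into one of the three user types."""
    if is_staff:
        return "staff"
    if is_authenticated:
        return "standard"
    return "anonymous"


def enforce_max_edges(query_params, utype, config=GRAPH_MAX_EDGES_CONFIG):
    """Return a copy of query_params with max_edges bounded for utype.

    The proxy, not the client, decides the effective bound: a missing,
    malformed, non-positive or too-large client value is replaced by the
    configured maximum, so a resource-intensive traversal cannot be
    requested simply by omitting or inflating the parameter. A value of 0
    is never forwarded, so no reliance on its upstream meaning is needed.
    """
    params = dict(query_params)  # never mutate the caller's mapping
    limit = config[utype]
    try:
        requested = int(params.get("max_edges", limit))
    except (TypeError, ValueError):
        requested = limit
    if requested <= 0 or requested > limit:
        requested = limit
    params["max_edges"] = str(requested)
    return params


if __name__ == "__main__":
    # Constructed request from an anonymous client asking for too much.
    print(enforce_max_edges({"max_edges": "50000"},
                            user_type(False, False)))  # max_edges -> '1000'
```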

Related to #3836 (closed)

Depends on !701 (closed)


Migrated from D6914 (view on Phabricator)
