Warning This document has not been updated for a while now. It may be out of date.

Last updated: 12 Jul 2022

Rate Limiting

Rate limiting on GOV.UK is largely handled at the infrastructure level, with one exception at the app level for finer control.

Infrastructure

At the infrastructure level, the nginx instances on the cache machines have a rate limit of 6 rpm / IP address in a GET/POST pair (ie one that returns a form on a GET, and submits that form with a POST)

Note that the free nginx instances used on GOV.UK cannot share state, so this rate limit is actually much higher, theoretically 6 * the number of caches for a set of fast requests spread around the caches perfectly by the load balancer.

App-level rate limits on Feedback

The feedback app has in-app rate limiting provided by the Rack::Attack gem and uses an elasticache instance to share state between the various instances of the app, which allows much closer control. This is to control the contact us form, which needs a much lower rate limit. Currently this is set to 1 rpm / IP or 1 rpm / email address if the user enters an email address to respond to.

Further reading

• Tech Fornightly Presentation Rate Limiting in the Feedback App (GDS only)

More in the Infrastructure section

Learn

• Domain Name System (DNS) records
• GOV.UK and Virtual Private Networks (VPNs)
• GOV.UK's environments (integration, staging, production)
• Terraform Cloud

How to...

• Add a new Ruby version
• Databases on GOV.UK
• Manage Amazon MQ
• Manage OpenSearch on AWS
• Manually resize EBSs (elastic block store)
• Move apps between servers
• Provision machines for data science research
• Reprovision a machine