Rate limiting prevents your Mattermost server from being overloaded with too many requests, and decreases the risk and impact of third-party applications or malicious attacks on your server.
Configure rate limiting settings by going to System Console > Environment > Rate Limiting, or by editing the config.json file as described in the following tables. Changes to configuration settings in this section require a server restart before taking effect.
Important
Mattermost rate limiting configuration settings are intended for small deployments of Mattermost up to a few hundred users, and are not intended for larger, Enterprise-scale deployments.
Enable rate limiting
Enable or disable rate limiting to throttle APIs to a specified number of requests per second.
Maximum queries per second
Throttle the API at this number of requests per second when rate limiting is enabled. Numerical input. Default is 10. Increase this value to accept more requests each second, and decrease this value to allow fewer requests.
Maximum burst size
The maximum number of requests allowed beyond the per second query limit when rate limiting is enabled. Numerical input. Default is 100. Increase this value to allow for more concurrent requests to be handled, and decrease this value to limit this capacity.
Memory store size
The maximum number of user sessions connected to the system, as determined by the vary rate limit settings, when rate limiting is enabled. Numerical input. Default is 10000. Typically set to the number of users in the system. We recommend setting this value to the expected number of users. A higher value may result in underutilized resources, and a lower value may result in user sessions/tokens expiring too frequently.
Vary rate limit by remote address
Configure Mattermost to rate limit API access by IP address when rate limiting is enabled.
Vary rate limit by user
Configure whether Mattermost rate limits API access by authentication token when rate limiting is enabled.
Vary rate limit by HTTP header
Configure Mattermost to vary rate limiting API access by the HTTP header field specified. Recommended when you’re using a proxy.
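The following added example (not Mattermost's own code) models the settings above with a simplified per-key token bucket, to show why keying by remote address behind a proxy puts every client in one bucket while keying by a header separates them. The header name X-Real-IP, the addresses and the traffic are constructed assumptions, and Mattermost's exact burst accounting may differ from this model.

```python
from collections import OrderedDict

class KeyedLimiter:
    """Simplified token bucket per key; parameters named after the settings above."""
    def __init__(self, per_sec=10, max_burst=100, memory_store_size=10000):
        self.per_sec, self.max_burst, self.size = per_sec, max_burst, memory_store_size
        self.store = OrderedDict()  # key -> (tokens left, time last seen)

    def allow(self, key, now):
        # An unknown (or evicted) key starts with a full bucket.
        tokens, last = self.store.pop(key, (self.max_burst, now))
        tokens = min(self.max_burst, tokens + (now - last) * self.per_sec)
        allowed = tokens >= 1
        self.store[key] = (tokens - 1 if allowed else tokens, now)
        if len(self.store) > self.size:
            self.store.popitem(last=False)  # evict the least recently used key
        return allowed

def limiter_key(request, vary_by_remote_addr, vary_by_header):
    parts = [request["remote_addr"]] if vary_by_remote_addr else []
    if vary_by_header:
        parts.append(request["headers"].get(vary_by_header, ""))
    return "|".join(parts)

def rejected_per_client(traffic, vary_by_remote_addr, vary_by_header, store_size=10000):
    limiter = KeyedLimiter(memory_store_size=store_size)
    rejected = {}
    for now, request in traffic:
        key = limiter_key(request, vary_by_remote_addr, vary_by_header)
        if not limiter.allow(key, now):
            client = request["headers"]["X-Real-IP"]
            rejected[client] = rejected.get(client, 0) + 1
    return rejected

def behind_proxy(client_ip):
    # Constructed request: the server sees the proxy's address (10.0.0.5);
    # the proxy is assumed to put the real client address in X-Real-IP.
    return {"remote_addr": "10.0.0.5", "headers": {"X-Real-IP": client_ip}}

# Constructed traffic: one noisy client sends 150 requests at t=0, then a
# quiet client sends 5 requests 50 ms later.
NOISY, QUIET = "198.51.100.7", "203.0.113.9"
TRAFFIC = [(0.0, behind_proxy(NOISY))] * 150 + [(0.05, behind_proxy(QUIET))] * 5

if __name__ == "__main__":
    print("by remote address:", rejected_per_client(TRAFFIC, True, ""))
    print("by X-Real-IP header:", rejected_per_client(TRAFFIC, False, "X-Real-IP"))
```

Keying by a header only separates clients reliably when the proxy sets or overwrites that header itself; a header passed through from the client lets each request choose its own bucket.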