Rate limit configuration per-client

I saw in the release notes about the new default rate limiting of 1000 queries per 60 seconds. Furthermore the documentation mentioned that this is applied per-client, but it seems that the configuration for it is global (across all clients).

Can I configure this policy per client? I have 1 client on my network (Synology NAS which does cloud-backups twice a week) and this client is now getting blocked. I've had to turn off rate limiting so that it can run, but that also removes a nice feature that I'd like to be applied to the rest of my clients on the network.

This is correct. The setting of A/B is applicable to all clients.

Rate limiting is done individually for each client using the global A/B setting.

If client X exceeds the limit, only client X is rate limited. Client Y which does not exceed the limit is not rate limited.

No.

I would take a look at this peak activity rate and set the A/B limits to just above it. This will allow your network to work properly while still providing a rate limit to thwart any deliberate DDoS attacks.

As an example, my Synology does scheduled database update activity early Sunday morning, and the Pi-hole dashboard shows the max DNS activity at 442 queries in a 10 minute window.

If this were the max rate from any client over any 10 minute window, I would set the rate limit to 500/600 (to give a bit of headroom).
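
The sizing approach from this thread as a script: find each client's busiest window and set the single global A/B limit just above the highest peak. This is an added example, not code from the thread or from Pi-hole. The `(timestamp, client)` input format, the 10% headroom and the rounding step of 50 are assumptions, and the sample queries are constructed.

```python
import math
from collections import defaultdict, deque

def peak_per_client(queries, window_s):
    """Return {client: most queries seen in any sliding window of window_s seconds}.

    queries: iterable of (unix_timestamp, client_ip) in any order (assumed format).
    A sliding window is conservative: it is never lower than the count in any
    fixed window of the same length, however that window is aligned.
    """
    by_client = defaultdict(list)
    for ts, client in queries:
        by_client[client].append(ts)
    peaks = {}
    for client, stamps in by_client.items():
        stamps.sort()
        window, peak = deque(), 0
        for ts in stamps:
            window.append(ts)
            while window[0] <= ts - window_s:   # drop queries older than the window
                window.popleft()
            peak = max(peak, len(window))
        peaks[client] = peak
    return peaks

def suggest_limit(peaks, window_s, headroom=0.10, step=50):
    """Global A/B setting just above the busiest client's peak, rounded up to step."""
    busiest = max(peaks.values())
    count = math.ceil(busiest * (1 + headroom) / step) * step
    return f"{count}/{window_s}"

def clients_over(peaks, count):
    """Clients whose own peak exceeds a candidate limit (only these get rate limited)."""
    return sorted(c for c, p in peaks.items() if p > count)

# Constructed sample: a NAS bursting 442 queries inside 10 minutes, a quiet laptop.
SAMPLE = (
    [(1000 + i, "10.0.0.5") for i in range(442)]
    + [(5000, "10.0.0.5")]
    + [(1000 + 30 * i, "10.0.0.7") for i in range(40)]
)

if __name__ == "__main__":
    peaks = peak_per_client(SAMPLE, 600)
    print(peaks, suggest_limit(peaks, 600))
```
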