From 6aad9cd0c8b359bd582c6d15d5899c5c0cfde292 Mon Sep 17 00:00:00 2001
From: Rafael dos Santos Silva
Date: Thu, 9 Jul 2020 20:08:34 -0300
Subject: [PATCH] FEATURE: Add global rate limit for anon searches (#10208)
---
 app/controllers/search_controller.rb | 3 ++-
 config/site_settings.yml | 5 ++++-
 spec/requests/search_controller_spec.rb | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 6bfce11fc5f..d0dac30e37c 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -159,7 +159,8 @@ class SearchController < ApplicationController
 if current_user.present?
 RateLimiter.new(current_user, "search-min", SiteSetting.rate_limit_search_user, 1.minute).performed!
 else
- RateLimiter.new(nil, "search-min-#{request.remote_ip}", SiteSetting.rate_limit_search_anon, 1.minute).performed!
+ RateLimiter.new(nil, "search-min-#{request.remote_ip}", SiteSetting.rate_limit_search_anon_user, 1.minute).performed!
+ RateLimiter.new(nil, "search-min-anon-global", SiteSetting.rate_limit_search_anon_global, 1.minute).performed!
 end
 rescue RateLimiter::LimitExceeded => e
 return e
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 079232c0a93..f7e2bd511b7 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1542,7 +1542,10 @@ rate_limits:
 rate_limit_create_post: 5
 rate_limit_new_user_create_topic: 120
 rate_limit_new_user_create_post: 30
- rate_limit_search_anon:
+ rate_limit_search_anon_global:
+ hidden: true
+ default: 150
+ rate_limit_search_anon_user:
 hidden: true
 default: 15
 rate_limit_search_user:
diff --git a/spec/requests/search_controller_spec.rb b/spec/requests/search_controller_spec.rb
index 044e741d54d..8416ae4f7e9 100644
--- a/spec/requests/search_controller_spec.rb
+++ b/spec/requests/search_controller_spec.rb
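Review bot: In the `else` branch of the `search_controller.rb` hunk, the key `"search-min-anon-global"` is a single bucket shared by every anonymous visitor, so with the defaults in this patch (150 global, 15 per address) a small number of addresses at their own limit can use up the whole budget, and every other anonymous search is then refused until the window rolls over. The order of the two calls is load-bearing: the per-address `performed!` raises first, so a client that is already throttled does not spend the shared budget, and that deserves a comment such as `# per-IP check first: an already-throttled client must not consume the shared anonymous budget`. Both limiters raise the same `RateLimiter::LimitExceeded`, so unless the caller can tell them apart it is worth logging when the global one trips, since that is a site-wide availability event rather than one noisy client. The diffstat shows only the setting rename in the spec, so the global limit appears to have no test of its own. The enclosing method begins and ends outside this hunk.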
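Review bot: Renaming `rate_limit_search_anon` to `rate_limit_search_anon_user` in the `site_settings.yml` hunk drops any value a site had stored under the old name, and no migration is visible in this patch, so a site that had tightened the per-address limit would presumably fall back to the default of 15 after upgrading. `rate_limit_search_anon_global` is `hidden: true` with a default of 150, so an operator whose anonymous visitors collectively hit the shared limit has no visible setting pointing at the cause. A short comment above the entry would help, for example `# one budget per minute shared by ALL anonymous searches; enforced in SearchController`.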
@@ -183,7 +183,7 @@ describe SearchController do
 context 'rate limited' do
 before do
 SiteSetting.rate_limit_search_user = 3
- SiteSetting.rate_limit_search_anon = 2
+ SiteSetting.rate_limit_search_anon_user = 2
 end
 it 'rate limits searches' do