
web API: whitelist swh-team machines
Closed, Migrated

Description

Until T1927 is fixed, it would be useful to lift the rate-limit on the Web API for swh-team members (I personally have an immediate need for it, i.e., T1926 development, but I think it's a more general need that might help all staffers).

As a first approximation maybe we can whitelist all local Inria IPs? (not sure what the exact ranges are though…)
Alternatively we can gather the list of IP addresses of all our machines, including personal laptops, and whitelist all of them.

Event Timeline

zack triaged this task as Normal priority. Dec 2 2019, 9:41 AM
zack created this task.

Following up on the F2F discussion we had yesterday on this with @olasd and @anlambert, I've thought back on @olasd's question on whether I really need to access the Web UI via the public IP address.

As it turns out, the URL we already have as https://archive.internal.softwareheritage.org (which points to the private IP of the Web UI) already does 99% of what I need here. The 1% missing is that it has an invalid TLS certificate, which can be made to work with curl --insecure, but will break a bunch of automated uses of it in annoying-to-fix ways.
So, follow-up question: can we have a valid TLS certificate for archive.i.s.o? (I can file a dedicated task for this.)

If we can have that, maybe this task is not as important/useful as I thought, and we can close it and just wait for a proper token-based solution a-la T1927.

olasd claimed this task.

The archive.internal.softwareheritage.org cert is now valid (via rSPSITEbdddd7804bbb).

Internal (VPN) IPs have been exempted from rate limiting since we introduced it. I'm therefore closing this ticket. Feel free to reopen if you think that's not sufficient!