|Rate limiter: $wgRateLimits|
|Simple rate limiter options to brake edit floods.|
|Introduced in version:||1.4.5|
|Removed in version:||still in use|
|Default value:||see below|
|Other settings: Alphabetical | By function|
This setting provides a simple rate limiter to brake floods of edits and other potentially destructive behavior, like sending out emails to other users. It sets a maximum number of actions allowed in the given number of seconds; after that, the violating client receives HTTP 429 error pages until the period elapses. To check if a rate limit has been exceeded, use the User::pingLimiter() function.
For example, to set a maximum of 4 edits per 60 seconds for "newbie" (i.e. non-autoconfirmed) users, add the following:
$wgRateLimits['edit']['newbie'] = array( 4, 60 );
ip limit applies to both unregistered and "newbie" users. The
newbie limit applies by action and user, and the
ip limit by action and IP. So if you have many newbies using the same IP address, they all aggregate in the same count for the
ip limit. This might have wanted and unwanted effects. If you for example have a code sprint with a huge number of (legitimate) new users, they might hit the IP limit rather quickly, which might be unwanted. On the other hand, spammers who use several different accounts from the same IP address will hit it as well, which will be wanted.
$wgRateLimits['anAction']['&can-bypass'] = false; the limitations for a specific action can be marked as not skippable. If that is set, neither the noratelimit user right nor the $wgRateLimitsExcludedIPs setting have any effect for that action.
$wgMainCacheType must be set to a value other than CACHE_NONE for this setting to work.
$wgRateLimits = [ // Page edits 'edit' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], 'user' => [ 90, 60 ], ], // Page moves 'move' => [ 'newbie' => [ 2, 120 ], 'user' => [ 8, 60 ], ], // File uploads 'upload' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], ], // Page rollbacks 'rollback' => [ 'user' => [ 10, 60 ], 'newbie' => [ 5, 120 ] ], // Triggering password resets emails 'mailpassword' => [ 'ip' => [ 5, 3600 ], ], // Emailing other users using MediaWiki 'emailuser' => [ 'ip' => [ 5, 86400 ], 'newbie' => [ 5, 86400 ], 'user' => [ 20, 86400 ], ], // Purging pages 'purge' => [ 'ip' => [ 30, 60 ], 'user' => [ 30, 60 ], ], // Purges of link tables 'linkpurge' => [ 'ip' => [ 30, 60 ], 'user' => [ 30, 60 ], ], // Files rendered via thumb.php or thumb_handler.php 'renderfile' => [ 'ip' => [ 700, 30 ], 'user' => [ 700, 30 ], ], // Same as above but for non-standard thumbnails 'renderfile-nonstandard' => [ 'ip' => [ 70, 30 ], 'user' => [ 70, 30 ], ], // Stashing edits into cache before save 'stashedit' => [ 'ip' => [ 30, 60 ], 'newbie' => [ 30, 60 ], ], // Adding or removing change tags 'changetag' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], ], // Changing the content model of a page 'editcontentmodel' => [ 'newbie' => [ 2, 120 ], 'user' => [ 8, 60 ], ], ];
Extensions can provide additional keys for $wgRateLimit. E.g. Extension:ConfirmEdit provides a "badcaptcha" key, which allows to throttle users based on the number of wrong answers they have given to a captcha. An example might be:
$wgRateLimits['badcaptcha']['newbie'] = array( 100, 86400 );
This will allow newbie users not more than 100 wrong answers per day (86400 seconds).
- The 'mailpassword' array was added in MediaWiki 1.7.0.
- The 'emailuser' array was added in MediaWiki 1.10.0.
- The 'linkpurge' array was added in MediaWiki 1.22.0.
- The 'renderfile' array was added in MediaWiki 1.22.0.