  1. Confluence Data Center
  2. CONFSERVER-93552

When loading the "List of limited accounts" on the "Rate limiting" admin page, Anonymous user exceptions are removed


Details

    • Bug
    • Resolution: Fixed
    • Low
    • 8.9.0
    • 8.5.0, 8.5.3
    • Data Center - Core
    • None

    Description

      Issue Summary

      When loading the "List of limited accounts" on the "Rate limiting" admin page, the anonymous user exception rules are deleted.

      This only occurs if the Anonymous user (Anonymous accounts) has been rate limited and is displayed on the "List of limited accounts" page. It will also remove the Anonymous user from the list.

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Enable Anonymous access and rate limiting on your instance
      2. Add an Exception rule to block all requests for the Anonymous user
      3. Curl a REST API without authentication and receive "HTTP Status 429 – Too Many Requests"
      4. Wait a few minutes to ensure the data has been updated in the database
      5. Load the Rate limiting admin page and check the List of limited accounts for the user Anonymous

      Expected Results

      Anonymous user is in the List of limited accounts and the exception rule remains

      Actual Results

      Anonymous user is not in the List of limited accounts and the exception rule is removed

      Workaround

      Avoid loading the List of limited accounts after setting the exception rule
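
      Because the exception rule disappears without any notice, one way to spot the regression is to watch for anonymous REST requests that were answered with 429 and then start succeeding. The following is an added example, not part of the original report and not Atlassian code; the log layout, the sample lines and the function name `find_block_regressions` are assumptions constructed for illustration, so adapt the pattern to your own access-log format.

```python
import re
from datetime import datetime

# Assumed, simplified access-log layout (constructed for this example):
#   <ISO timestamp> <user, "-" for anonymous> <method> <path> <status>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample: anonymous REST calls are blocked (429), then succeed.
SAMPLE_LOG = """\
2024-01-10T09:00:01 - GET /rest/api/space 429
2024-01-10T09:00:05 admin GET /rest/api/content 200
2024-01-10T09:03:12 - GET /rest/api/content 429
2024-01-10T09:07:40 - GET /rest/api/space 200
2024-01-10T09:07:44 - GET /rest/api/content 200
not a log line
"""


def find_block_regressions(lines, rest_prefix="/rest/"):
    """Return (last_blocked, first_allowed, path) for every point where
    anonymous REST traffic flips from 429 to a successful response."""
    regressions = []
    last_blocked = None
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip lines that do not fit the assumed layout
        ts, user, _method, path, status = match.groups()
        if user != "-" or not path.startswith(rest_prefix):
            continue  # only anonymous REST requests are of interest
        when = datetime.fromisoformat(ts)
        if status == "429":
            last_blocked = when
        elif int(status) < 400 and last_blocked is not None:
            # Blocked earlier, served now: the exception rule is likely gone.
            regressions.append((last_blocked, when, path))
            last_blocked = None  # report each flip only once
    return regressions


if __name__ == "__main__":
    for blocked, allowed, path in find_block_regressions(SAMPLE_LOG.splitlines()):
        print(f"anonymous block lost between {blocked} and {allowed}: {path}")
```

      The window between the last 429 and the first successful response brackets the time at which the List of limited accounts was loaded.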


            People

              ephillips@atlassian.com Edward