[HTTP] The Rate-Limiter UX improvements #227678

Merged: dokmic merged 13 commits into elastic:main from dokmic:feature/rate-limiting-ux, Jul 28, 2025

@dokmic dokmic commented Jul 11, 2025

Summary

This PR addresses the following items:

Testing

To test the error page, headers, and the request repetition, please use the following config snippet:

```yaml
server.rateLimiter.enabled: true
server.rateLimiter.elu: 0.01
server.rateLimiter.term: short
```

To test the status changes, please increase the threshold value and refresh Kibana a few times:

```yaml
server.rateLimiter.elu: 0.2
```

Screenshots

- Server is overloaded error page (image)
- Error page with a countdown (image)

@dokmic dokmic force-pushed the feature/rate-limiting-ux branch 11 times, most recently from b5ff319 to 38b37ae Compare July 17, 2025 10:45
@dokmic dokmic marked this pull request as ready for review July 17, 2025 12:27
@dokmic dokmic requested review from a team as code owners July 17, 2025 12:27
@dokmic dokmic self-assigned this Jul 17, 2025
@dokmic dokmic added Team:Core Platform Core services: plugins, logging, config, saved objects, http, ES client, i18n, etc t// v9.2.0 labels Jul 17, 2025
@elasticmachine

Pinging @elastic/kibana-core (Team:Core)

@florent-leborgne florent-leborgne left a comment

Docs changes LGTM.

Just one thing that I'm not sure of: Will these changes also apply to API users using previous versions like 9.0 or 9.1? If not, it may be good to call out that this change applies from version 9.2 using an availability property as demonstrated on this page. These can also be applied at the parameter and property level when those availabilities are introduced later than the original API-level availability.

Ignore my comment if not relevant for this change :)

@TinaHeiligers TinaHeiligers left a comment

LGTM

@jloleysens jloleysens left a comment

Just left a few drive-by comments, overall this looks great! Would be awesome to see a demo of this new error page to get a better sense of the UX.

@elena-shostak elena-shostak left a comment

Security test changes LGTM

@dokmic dokmic force-pushed the feature/rate-limiting-ux branch from 38b37ae to d0625ee Compare July 24, 2025 15:56

elasticmachine commented Jul 24, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert details expandable flyout left panel prevalence should open host preview when click on host name should open host preview when click on host name
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert details expandable flyout left panel prevalence should open user preview when click on user name should open user preview when click on user name
  • [job] [logs] Detection Engine - Exceptions - Security Solution Cypress Tests #3 / Auto populate exception with Alert data Should create a Rule exception from Alerts take action button and change multiple exception items without resetting to initial auto-prefilled entries Should create a Rule exception from Alerts take action button and change multiple exception items without resetting to initial auto-prefilled entries
  • [job] [logs] Detection Engine - Exceptions - Security Solution Cypress Tests #3 / Auto populate exception with Alert data Should delete all prefilled exception entries when creating a Rule exception from Alerts take action button without resetting to initial auto-prefilled entries Should delete all prefilled exception entries when creating a Rule exception from Alerts take action button without resetting to initial auto-prefilled entries
  • [job] [logs] Detection Engine - Security Solution Cypress Tests #3 / bulk fill rule gaps handle the case when the request to fill gaps errors handle the case when the request to fill gaps errors
  • [job] [logs] Detection Engine - Exceptions - Security Solution Cypress Tests #1 / Close matching Alerts Should close all alerts from if several rules has shared exception list Should close all alerts from if several rules has shared exception list
  • [job] [logs] FTR Configs #68 / Cloud Security Posture Agentless cloud Hyperlink on PostInstallation Modal should have the correct URL
  • [job] [logs] FTR Configs #68 / Cloud Security Posture Agentless cloud Hyperlink on PostInstallation Modal should have the correct URL
  • [job] [logs] FTR Configs #130 / cloud_security_posture Serverless - Agentless CIS Integration Page Serverless - Agentless CIS_AWS edit flow user should save and edit agentless integration policy
  • [job] [logs] FTR Configs #130 / cloud_security_posture Serverless - Agentless CIS Integration Page Serverless - Agentless CIS_AWS edit flow user should save and edit agentless integration policy
  • [job] [logs] Detection Engine - Exceptions - Security Solution Cypress Tests #3 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List Create exception list Create exception list
  • [job] [logs] Detection Engine - Exceptions - Security Solution Cypress Tests #3 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List Link rules to shared exception list Link rules to shared exception list
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Multiple indicators Indicator page search should handle all search actions should handle all search actions
  • [job] [logs] FTR Configs #109 / serverless observability UI Onboarding Onboarding Auto-Detect guides user through data onboarding
  • [job] [logs] FTR Configs #109 / serverless observability UI Onboarding Onboarding Auto-Detect guides user through data onboarding
  • [job] [logs] FTR Configs #52 / Synthetics API Tests AddProjectMonitors "before all" hook for "project monitors - saves space as data stream namespace"
  • [job] [logs] FTR Configs #52 / Synthetics API Tests AddProjectMonitors "before all" hook for "project monitors - saves space as data stream namespace"

Metrics [docs]

Module Count

Fewer modules lead to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| core | 444 | 453 | +9 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/core-status-common | 22 | 20 | -2 |
| @kbn/core-status-server | 3 | 1 | -2 |
| @kbn/core-status-server-internal | 24 | 25 | +1 |
| total | | | -3 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| core | 476.0KB | 478.4KB | +2.3KB |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/core-fatal-errors-browser | 9 | 14 | +5 |
| @kbn/core-http-browser | 116 | 120 | +4 |
| @kbn/core-metrics-server-internal | 6 | 7 | +1 |
| @kbn/core-status-common | 33 | 31 | -2 |
| @kbn/core-status-server | 20 | 18 | -2 |
| @kbn/core-status-server-internal | 24 | 25 | +1 |
| total | | | +7 |

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/core-fatal-errors-browser-internal | 4 | 3 | -1 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/core-fatal-errors-browser-internal | 4 | 3 | -1 |

History

cc @dokmic

@dokmic dokmic force-pushed the feature/rate-limiting-ux branch from d0625ee to e8454ac Compare July 28, 2025 10:13
@dokmic dokmic removed the request for review from a team July 28, 2025 10:20
@dokmic dokmic merged commit 9423d6d into elastic:main Jul 28, 2025
14 checks passed
@dokmic dokmic deleted the feature/rate-limiting-ux branch July 28, 2025 13:12
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jul 30, 2025
@kibanamachine

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports automatically, add a `backport:*` label, or prevent reminders by adding the `backport:skip` label.
You can also create backports manually by running `node scripts/backport --pr 227678` locally.
cc: @dokmic

@dokmic dokmic added the backport:skip This PR does not require backporting label Aug 1, 2025
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Aug 1, 2025
delanni pushed a commit to delanni/kibana that referenced this pull request Aug 5, 2025
## Summary

This PR addresses the following items:
- Exclude critical routes from the rate-limiter to serve basic functionality (resolves elastic#227771).
- Refactor the fatal errors service to make it extensible (resolves elastic#227776).
- Get rid of `enzyme` in the fatal errors service (resolves elastic#227777).
- Add an error page showing when the server is overloaded (resolves elastic#221387).
- Add a response header returning the cooldown timeout (resolves elastic#221386).
- Add support for intercepting the fetch call to provide better extensibility of the HTTP client (resolves elastic#227774).
- Add a mechanism for repeating throttled HTTP requests (resolves elastic#221385).
- Extend the status service to report rate-limiting (resolves elastic#212814).

## Testing

To test the error page, headers, and the request repetition, please use the following config snippet:
```yaml
server.rateLimiter.enabled: true
server.rateLimiter.elu: 0.01
server.rateLimiter.term: short
```

To test the status changes, please increase the threshold value and refresh Kibana a few times:
```yaml
server.rateLimiter.elu: 0.2
```
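
An added example (not code from this PR or from Kibana) of the client side of two items in the summary above: repeating throttled HTTP requests and honoring a cooldown response header. It assumes the standard `Retry-After` header and the 429/503 status codes, which this page does not confirm; `parseRetryAfter` and `withThrottleRetry` are hypothetical names.

```javascript
// Assumption: throttled responses use 429 or 503 and carry the standard
// Retry-After header. The page does not name the header Kibana returns.
const THROTTLED_STATUSES = new Set([429, 503]);
// Upper bound so a hostile or broken header value cannot stall the client.
const MAX_DELAY_MS = 30_000;
const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Parse Retry-After (delta-seconds or HTTP-date) into a capped delay in ms.
// Returns null when the header is missing or malformed.
function parseRetryAfter(value, now = Date.now()) {
  if (value == null || value.trim() === '') return null;
  const v = value.trim();
  if (/^\d+$/.test(v)) return Math.min(Number(v) * 1000, MAX_DELAY_MS);
  const date = Date.parse(v);
  if (Number.isNaN(date)) return null;
  return Math.min(Math.max(date - now, 0), MAX_DELAY_MS);
}

// Wrap a fetch-like function so throttled responses are repeated after the
// server-provided cooldown. Retries are bounded so that clients do not add
// load to a server that is already shedding it.
function withThrottleRetry(fetchImpl, { maxRetries = 3, sleep = defaultSleep } = {}) {
  return async function throttledFetch(input, init = {}) {
    const method = (init.method || 'GET').toUpperCase();
    // Conservative choice: only repeat requests that are safe to replay.
    const replayable = ['GET', 'HEAD', 'OPTIONS'].includes(method);
    for (let attempt = 0; ; attempt++) {
      const response = await fetchImpl(input, init);
      if (!THROTTLED_STATUSES.has(response.status)) return response;
      const delay = parseRetryAfter(response.headers.get('retry-after'));
      // Surface the throttled response when the request is not replayable,
      // no usable cooldown was given, or the retry budget is exhausted.
      if (!replayable || delay === null || attempt >= maxRetries) return response;
      await sleep(delay);
    }
  };
}
```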

Labels

backport:skip This PR does not require backporting backport:version Backport to applied version labels Feature:http release_note:enhancement Team:Core Platform Core services: plugins, logging, config, saved objects, http, ES client, i18n, etc t// v9.2.0