Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Allow for nginx-based rate limiting

It would ideal if a Chef Automate HA cluster would allow for user-defined rate limiting of incoming requests. This could possibly be implemented by surfacing (perhaps to config.toml?) configurability of nginx's limit_req* directives.

This would be beneficial to Chef customers insofar that an organization could better mitigate DDoS attacks as well as generally have more control over the influx of requests to their Chef stack. Additionally, by allowing the organization to configure all aspects of limit_req* they would also be able to do things like:

  • Denylisting specific IP addresses/ranges (or even allowlisting known good ones)

  • Ensuring slow connections are closed

  • Blocking any traffic that was not forwarded by an external [to Chef Automate] load balancer

  • And many other unique use-cases

  • Austin Culter
  • Jun 24 2021
  • Currently Declined
  • Attach files
  • Admin
    Ankur Mundhra commented
    28 Jun, 2021 06:50am

    Thanks for bringing this to our notice, Austin! We will take a look at it while improving the HA capability in the product.