chore: reenable security scans and dynamic rate limiting again on staging

netomi · netomi · commit 591dcec392ce · 2026-02-17T14:44:26.000+01:00
diff --git a/configuration/application.yml b/configuration/application.yml
@@ -104,60 +104,60 @@ org:
     miscellaneous:
       allow-anonymous-data-usage: false
 bucket4j:
-  enabled: true
-  cache-to-use: redis-cluster-jedis
-  filters:
-    - cache-name: buckets
-      url: '/api/-/(namespace/create|publish)'
-      http-response-headers:
-        Access-Control-Allow-Origin: '*'
-        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
-      rate-limits:
-        - cache-key: getParameter("token")
-          bandwidths:
-            - capacity: 15
-              time: 1
-              unit: seconds
-    - cache-name: buckets
-      url: '/vscode/asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default'
-      http-response-headers:
-        Access-Control-Allow-Origin: '*'
-        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
-      rate-limits:
-        - cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
-          bandwidths:
-            - capacity: 75
-              time: 1
-              unit: seconds
-    - cache-name: buckets
-      url: '/vscode/(?!asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default).*'
-      http-response-headers:
-        Access-Control-Allow-Origin: '*'
-        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
-      rate-limits:
-        - cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
-          bandwidths:
-            - capacity: 75
-              time: 1
-              unit: seconds
-    - cache-name: buckets
-      url: '/api/(?!(.*/.*/review(/delete)?)|(-/(namespace/create|publish))).*'
-      http-response-headers:
-        Access-Control-Allow-Origin: '*'
-        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
-      rate-limits:
-        - execute-condition: getParameter("token") != null
-          cache-key: getParameter("token")
-          bandwidths:
-            - capacity: 15
-              time: 1
-              unit: seconds
-        - execute-condition: getParameter("token") == null
-          cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
-          bandwidths:
-            - capacity: 15
-              time: 1
-              unit: seconds
+  enabled: false
+#  cache-to-use: redis-cluster-jedis
+#  filters:
+#    - cache-name: buckets
+#      url: '/api/-/(namespace/create|publish)'
+#      http-response-headers:
+#        Access-Control-Allow-Origin: '*'
+#        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
+#      rate-limits:
+#        - cache-key: getParameter("token")
+#          bandwidths:
+#            - capacity: 15
+#              time: 1
+#              unit: seconds
+#    - cache-name: buckets
+#      url: '/vscode/asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default'
+#      http-response-headers:
+#        Access-Control-Allow-Origin: '*'
+#        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
+#      rate-limits:
+#        - cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
+#          bandwidths:
+#            - capacity: 75
+#              time: 1
+#              unit: seconds
+#    - cache-name: buckets
+#      url: '/vscode/(?!asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default).*'
+#      http-response-headers:
+#        Access-Control-Allow-Origin: '*'
+#        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
+#      rate-limits:
+#        - cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
+#          bandwidths:
+#            - capacity: 75
+#              time: 1
+#              unit: seconds
+#    - cache-name: buckets
+#      url: '/api/(?!(.*/.*/review(/delete)?)|(-/(namespace/create|publish))).*'
+#      http-response-headers:
+#        Access-Control-Allow-Origin: '*'
+#        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
+#      rate-limits:
+#        - execute-condition: getParameter("token") != null
+#          cache-key: getParameter("token")
+#          bandwidths:
+#            - capacity: 15
+#              time: 1
+#              unit: seconds
+#        - execute-condition: getParameter("token") == null
+#          cache-key: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
+#          bandwidths:
+#            - capacity: 15
+#              time: 1
+#              unit: seconds
 ovsx:
   token-prefix: ovsxat_
   storage:
@@ -236,7 +236,7 @@ ovsx:
 
   # tier-based rate limiting configuration
   rate-limit:
-    enabled: false
+    enabled: true
     ip-address-function: '(getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
     usage-stats:
       job-schedule: '*/30 * * * *'
@@ -258,7 +258,7 @@ ovsx:
 
   # General scanning support
   scanning:
-    enabled: false
+    enabled: true
 
     # Shared archive limits for all scanning checks (secret detection, blocklist, etc.)
     max-archive-size-bytes: 1073741824   # 1 GB total archive limit
