Creation of rooms is ratelimited even though the spec says it should not be

[Ah3n0]

Description

In spec 8.2 there is no rate limit set. I get a rate limit exceed after 10 requests.

Steps to reproduce

• list the steps
• that reproduce the bug
• using hyphens as bullet points

Homeserver

own

Synapse Version

1.73

Installation Method

Docker (matrixdotorg/synapse)

Database

PostgreSQL

Workers

Single process

Platform

K8s cluster

Configuration

turned off all known time limits respectively set 100 al each limit:

extraConfig.rc_message.per_second=0
extraConfig.rc_message.burst_count=1000
extraConfig.rc_registration.per_second=0
extraConfig.rc_registration.burst_count=1000
extraConfig.rc_admin_redaction.per_second=0
extraConfig.rc_admin_redaction.burst_count=1000
extraConfig.rc_registration_token_validity.per_second=0
extraConfig.rc_registration_token_validity.burst_count=1000
extraConfig.rc_joins_per_room.per_second=0
extraConfig.rc_joins_per_room.burst_count=1000
extraConfig.rc_3pid_validation.per_second=0
extraConfig.rc_3pid_validation.burst_count=1000
extraConfig.rc_login.address.per_second=0
extraConfig.rc_login.address.burst_count=1000
extraConfig.rc_login.account.per_second=0
extraConfig.rc_login.account.burst_count=1000
extraConfig.rc_login.failed_attempts.per_second=0
extraConfig.rc_login.failed_attempts.burst_count=1000
extraConfig.rc_joins.local.per_second=0
extraConfig.rc_joins.local.burst_count=1000
extraConfig.rc_joins.remote.per_second=0
extraConfig.rc_joins.remote.burst_count=1000
extraConfig.rc_invites.per_room.per_second=0
extraConfig.rc_invites.per_room.burst_count=1000
extraConfig.rc_invites.per_user.per_second=0
extraConfig.rc_invites.per_user.burst_count=1000
extraConfig.rc_invites.per_issuer.per_second=0
extraConfig.rc_invites.per_issuer.burst_count=1000
extraConfig.rc_invites.rc_third_party_invite.per_second=0
extraConfig.rc_invites.rc_third_party_invite.burst_count=1000

Relevant log output

{
    "errcode": "M_LIMIT_EXCEEDED",
    "error": "Too Many Requests",
    "retry_after_ms": -1676458606214
}

Anything else that would be useful to know?

[reivilibre]

I'm surprised the spec even talks about rate-limiting in any way other than 'homeservers might rate-limit requests'. I'm struggling to think of virtually any request that shouldn't be rate-limited, really — is a homeserver really expected to allow unbounded creation of rooms?

I propose we open a spec bug about this, but have put it on our board for discussion.

[Ah3n0]

Rate limit seems to be not fix. Now I get an error after 10 successful request. (rate-limited depends on something?)

[reivilibre]

That sounds like your rate-limit hadn't worn off fully since last time. As a note, I don't think you want per_second: 0 — you want a very high number instead. per_second: 1000000 would be more like it.

[Ah3n0]

I played around with this a bit and found that per_second: 0 fits quite well. High values quickly led to errors. On the other hand, burst_count cannot be set to 0. I was supposed to go higher here, but I hadn't reached the limit, yet. I'll play around with per_second again.
But there is no special rate-limit for this error. (as expected)

[Ah3n0]

OK, i figured out that the rate-limited starts for a user if he has in sum created or joined 10 room.