From a204098e0cb3816fd34a76c57844864798b8415e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Fri, 6 Feb 2026 12:09:32 +0100
Subject: [PATCH 1/2] Add whitelisting of IPs and pages

---
 tf/environments/dev/main.tf | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
index 7ad0aa9b..997ef36b 100644
--- a/tf/environments/dev/main.tf
+++ b/tf/environments/dev/main.tf
@@ -1114,10 +1114,13 @@ module "ooniapi_oonimeasurements" {
 
   task_environment = {
     # it has to be a json-compliant array
-    OTHER_COLLECTORS = jsonencode(["http://fastpath.${local.environment}.ooni.io:8475", "https://backend-hel.ooni.org"])
-    BASE_URL         = "https://api.${local.environment}.ooni.io"
-    S3_BUCKET_NAME   = "ooni-data-eu-fra-test"
-    VALKEY_URL       = local.ooniapi_valkey_url
+    OTHER_COLLECTORS                = jsonencode(["http://fastpath.${local.environment}.ooni.io:8475", "https://backend-hel.ooni.org"])
+    BASE_URL                        = "https://api.${local.environment}.ooni.io"
+    S3_BUCKET_NAME                  = "ooni-data-eu-fra-test"
+    VALKEY_URL                      = local.ooniapi_valkey_url
+    RATE_LIMITS                     = "10/minute;400000/day;200000/7day"
+    RATE_LIMITS_WHITELISTED_IPADDRS = jsonencode(["5.9.112.244"])
+    RATE_LIMITS_UNMETERED_PAGES     = jsonencode(["/metrics", "/health"])
   }
 
   ooniapi_service_security_groups = [

From cbde429a4aebc178723971ecccac7956698f0fbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Fri, 6 Feb 2026 12:16:27 +0100
Subject: [PATCH 2/2] Add support for IP and pages whitelisting

---
 tf/environments/prod/main.tf | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index fca07a7b..72a917c1 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -1148,10 +1148,12 @@ module "ooniapi_oonimeasurements" {
       "http://fastpath.${local.environment}.ooni.io:8475",
       "https://backend-fsn.ooni.org"
     ])
-    BASE_URL       = "https://api.ooni.io"
-    S3_BUCKET_NAME = "ooni-data-eu-fra"
-    VALKEY_URL     = local.ooniapi_valkey_url
-    RATE_LIMITS    = "10000/minute;4000000/day;2000000/7day"
+    BASE_URL                        = "https://api.ooni.io"
+    S3_BUCKET_NAME                  = "ooni-data-eu-fra"
+    VALKEY_URL                      = local.ooniapi_valkey_url
+    RATE_LIMITS                     = "10/minute;400000/day;200000/7day"
+    RATE_LIMITS_WHITELISTED_IPADDRS = jsonencode(["5.9.112.244"])
+    RATE_LIMITS_UNMETERED_PAGES     = jsonencode(["/metrics", "/health"])
   }
 
   ooniapi_service_security_groups = [