Currently that endpoint is accessible by everyone, and without parameters it returns up to 10k jobs.
Additionally it executes several SELECTS for each of the 10k jobs, resulting in about 40k.
This can take very long, for example I saw 150s on o3 today. So with only one HTTP request you can keep the webserver and DB occupied for 150s.
- Test if the same optimization as in #93925 helps
- Maybe choose a lower limit than 10k?
- Restrict requests with a large limit to authenticated users
For comparison the Search route has a configurable rate limit based on a minion lock which is per user if logged in, or global otherwise. Additionally there's a configurable hard limit on the number of results. See lib/OpenQA/WebAPI/Controller/API/V1/Search.pm#L184.