WARN: DoS ALERT: Request delayed=100ms

I am testing version 5.12 and I am getting this error:

WARN: DoS ALERT: Request delayed=100ms, ip=127.0.0.1, overlimit=OverLimit@505e3dbc[id=127.0.0.1, duration=PT0.729513191S, count=25], user=null

Previous posts on the topic suggest this is related to the now outdated cache process, however this is supposed to be fixed now. Still the error appears.

Usually, the error occurs after user registration and login, when the user tries to update their profile.

There are two strange things I noticed:

1. The error happens randomly, not for every user.
2. Once the error appears for that user, user cannot update their profile even if they try later again. However, if admin logs using the user credentials profile can be updated. (This tells me there is probably some sort of throttle/block based on user device/IP), can this be so?

Finally, why is the error message saying user=null?

This has nothing to do with caching. It is throttling. You can change the limits if you want in the config file.

Yes, I've already done that and monitoring:

web.maxRequestsPerSec

What is the default throttling threshold?

I believe it's 1 request per second.

That explains.

Is is possible that any of the API requests get rejected/timed out?

Yes, it is absolutely possible for requests to get rejected. That's the whole point of this filter.

This explains one side of the behavior I've noticed. Still, I get the requests rejected for the user even hours after the initial warning, which does not happen if the admin logs in.
Can it be that the throttling is applied per IP and for a longer duration like hours/days?

It is probably per IP. Not sure about the timing. You have to check the code.

Actually by default it's 25 requests per second.

Thanks Anton, will check the code for the rest and will keep on monitoring.