• How to protect
• Create rate limiter and consume points on every request
• Minimal protection against password brute-force
• Login endpoint protection
• Websocket single connection prevent flooding
• Dynamic block duration
• Authorized and not authorized users
• Different limits for different parts of application
• Apply in-memory Block Strategy to avoid extra requests to store
• Setup Insurance Strategy for store limiters
• Third-party API, crawler, bot rate limiting