Add API call throttle (preferably per client) #2

Closed
devraj opened this Issue Feb 24, 2013 · 1 comment

Comments

Projects
None yet
2 participants
Owner

devraj commented Feb 24, 2013

Introduce an API / feature to allow automatic throttling of queries being sent to each handler.

devraj was assigned Aug 31, 2013

@devraj devraj modified the milestone: 2.1, 2.0 May 13, 2014

@BradMclain BradMclain modified the milestone: Future Dec 1, 2014

@devraj devraj modified the milestone: 2.1.0 Jan 18, 2015

devraj added the invalid label Jun 11, 2015

Owner

devraj commented Jun 11, 2015

This feature requires infrastructure level intervention to work effectively. In either cases the URL would have to make it to request router and thus execute the handler code before the call can be blocked.

  • Blocking by IP does not work because of NAT, it could work but it would be brutal.
  • Blocking by user if the application sets a cookie or other identifying tokens, the client can quite easily drop the user session token in subsequent requests thus allowing them to create a DoS attack.

Suggestions for infrastructure level solutions:

devraj closed this Jun 11, 2015

@BradMclain BradMclain modified the milestone: 3.1.0, 2.0.9 Aug 7, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment