-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request flooding bypasses rate limit to some extend #1064
Comments
Which version of nestjs-throttler-storage-redis are you currently using? This should not be a problem with the latest 0.2.2 version. |
the version is 0.2.2. The issue is related to Redis storage. because without RedisStorage(in memory) the guard is working perfectly. I think the logic written in addRecord and getRecord works very slowly, for it can't accumulate requests. @kkoomen |
This is the script which I use for testing. ` for (let i = 0; i < 1000; i++) { |
Okay so, this is a tougher problem (to me) than it initially seemed. I found out that Have a look at the So, how the The way To make it more clear: the The problem with
EDIT: A solution has been implemented, see my next comment. |
Changes have been made in the |
…limits (fixes #1064) These changes have been made based on the new PR changes from @nestjs/throttler#1304, see: nestjs/throttler#1304
This has been released in version v0.3.0 on NPM. Special thanks to @zhorakaroy for discovering this nasty bug. This was a good improvement for the nestjs throttler core package as well as for this package. |
The service doesn't work properly when there are for example more than 5 requests in a second, for example, the limitation is 5 requests per second.
if we did the requests by Postman or Browser all will work fine.
But if we use the script to make requests for example 1000 per second, the guard will not work and will forward a request to the controller. @Throttle(5, 1)
I changed storage from Redis to memory and it works fine for 1000 requests for a second, and after 5 requests the guard is activating.
As I understand the logic written in functions addRecord and getRecord works very slowly, for that it's working when we make requests by the postman and doesn't work when we use the script for checking.
The text was updated successfully, but these errors were encountered: