API8 - rate limit #70

Closed
LaurentCB opened this issue Feb 20, 2023 · 1 comment
@LaurentCB

In the API8 "how to prevent" section, rate limiting should be specified; there are 2 kinds of rate limiting in practice:

  • appliance / proxy / load balancer rate limit (network level)
  • application rate limit (API / software level)
    (for instance, if a node of your API can't handle more than X requests per minute, you could rate limit globally to X requests per
    minute on all endpoints of the API)

Quote From Neil Madden:
Even if you enforce rate-limiting at a proxy server, it is good security practice to also enforce rate limits in each server so that if the proxy server misbehaves or is misconfigured, it is still difficult to bring down the individual API servers. This is an instance of the general security principle known as defense in depth, which aims to ensure that no failure of a single mechanism is enough to compromise your API.

@PauloASilva added the 2023RC and enhancement (New feature or request) labels on Feb 20, 2023
@LaurentCB
Author

My bad, rate limit is already mentioned at point 4, but maybe insisting on it could be good though.
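An added example (not part of the issue thread or of the project's text) of the application-level limit discussed above: one budget of X requests per minute enforced inside the API node and shared by all endpoints, so it still holds if a proxy limit in front of it is misconfigured. The names `NodeRateLimiter` and `handle`, the value X = 3 and the sample traffic are assumptions made for illustration.

```python
import math
import threading
import time
from collections import deque


class NodeRateLimiter:
    """Sliding-window limit shared by every endpoint served by this node."""

    def __init__(self, max_requests, window_seconds=60.0, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock
        self._stamps = deque()          # admission times inside the window
        self._lock = threading.Lock()   # request handlers run concurrently

    def try_acquire(self):
        """Return (allowed, retry_after_seconds)."""
        now = self.clock()
        with self._lock:
            # Forget admissions that have aged out of the window.
            while self._stamps and now - self._stamps[0] >= self.window:
                self._stamps.popleft()
            if len(self._stamps) < self.max_requests:
                self._stamps.append(now)
                return True, 0
            # Full: a slot frees when the oldest admission expires.
            return False, math.ceil(self._stamps[0] + self.window - now)


def handle(limiter, path):
    """Hypothetical dispatch hook: the check runs before any routing, so the
    budget is global to the node, not per endpoint."""
    allowed, retry_after = limiter.try_acquire()
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    return 200, {}


def demo():
    """Constructed traffic: X = 3 requests per minute, driven by a fake clock."""
    t = [0.0]
    limiter = NodeRateLimiter(3, 60.0, clock=lambda: t[0])
    results = []
    for offset, path in [(0, "/users"), (10, "/orders"), (20, "/users"),
                         (30, "/health"), (61, "/orders")]:
        t[0] = float(offset)
        results.append(handle(limiter, path))
    return results
```

The fourth request is rejected even though it targets an endpoint not yet called, because the budget belongs to the node; the fifth is admitted once the oldest admission has left the 60-second window.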
