rack-ratelimit's Introduction

Rack::Ratelimit

Run multiple rate limiters in a single app
Scope each rate limit to certain requests: API, files, GET vs POST, etc.
Apply each rate limit by request characteristics: IP, subdomain, OAuth2 token, etc.
Flexible time window to limit burst traffic vs hourly or daily traffic: 100 requests per 10 sec, 500 req/minute, 10000 req/hour, etc.
Fast, low-overhead implementation in memcache using counters for discrete timeslices: timeslice = window * ceiling(current time / window) memcache.incr(counter for timeslice)

Configuration

Takes a block that classifies requests for rate limiting. Given a Rack env, return a string such as IP address, API token, etc. If the block returns nil, the request won't be rate-limited. If a block is not given, all requests get the same limits.

Required configuration:

rate: an array of [max requests, period in seconds]: [500, 5.minutes]

and one of

cache: a Dalli::Client instance
redis: a Redis instance
counter: Your own custom counter. Must respond to #increment(classification_string, end_of_time_window_timestamp) and return the counter value after increment.

Optional configuration:

name: name of the rate limiter. Defaults to 'HTTP'. Used in messages.
conditions: array of procs that take a rack env, all of which must return true to rate-limit the request.
exceptions: array of procs that take a rack env, any of which may return true to exclude the request from rate limiting.
logger: responds to #info(message). If provided, the rate limiter logs the first request that hits the rate limit, but none of the subsequently blocked requests.
error_message: the message returned in the response body when the rate limit is exceeded. Defaults to " rate limit exceeded. Please wait seconds then retry your request."

Examples

Rate-limit bursts of POST/PUT/DELETE requests by IP address

use(Rack::Ratelimit, name: 'POST',
  exceptions: ->(env) { env['REQUEST_METHOD'] == 'GET' },
  rate:   [50, 10.seconds],
  cache:  Dalli::Client.new,
  logger: Rails.logger) { |env| Rack::Request.new(env).ip }

Rate-limit API traffic by user (set by Rack::Auth::Basic)

use(Rack::Ratelimit, name: 'API',
  conditions: ->(env) { env['REMOTE_USER'] },
  rate:   [1000, 1.hour],
  redis:  Redis.new(ratelimit_redis_config),
  logger: Rails.logger) { |env| env['REMOTE_USER'] }

rack-ratelimit's People

Contributors

Stargazers

Watchers

rack-ratelimit's Issues

1.2.0 release on Rubygems

Hi @jeremy,
We've started using your gem in one of our projects.
Nice work, by the way, it saved us.

Do you think you can release the v1.2.0 on Rubygems?

Thanks.

Check request format is not working anymore

If I use the condition together with ActionDispatch::Request.new(env).format the request become a */* and some headers are deleted. It works if I set the Accept header, but not with only the url extension

  config.middleware.use(
    Rack::Ratelimit, name: "API", conditions: -> (env) { ActionDispatch::Request.new(env).format.json? }, rate: [50, 10.seconds], redis: Redis.new, logger: Rails.logger
  ) { |env| ActionDispatch::Request.new(env).ip }

Recommend Projects

jeremy / rack-ratelimit Goto Github PK

rack-ratelimit's Introduction

Rack::Ratelimit

Configuration

Examples

rack-ratelimit's People

Contributors

Stargazers

Watchers

Forkers

rack-ratelimit's Issues

1.2.0 release on Rubygems

Check request format is not working anymore

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent