Add rate limit functionality #286

Open
mhajder opened this issue Aug 27, 2017 · 10 comments
@mhajder

mhajder commented Aug 27, 2017

Hi,
Can I use rate limit with php-crud-api?
And how can I create this rate limit?

@mevdschee
Owner

No, that is not (yet) supported.

You can run the script behind Kong. See: https://getkong.org/

@mevdschee mevdschee changed the title Is there a rate limit here? Add rate limit functionality Aug 28, 2017
@mevdschee mevdschee self-assigned this Aug 28, 2017
@mhajder
Author

mhajder commented Aug 28, 2017

Is there something for shared hosting?

@mevdschee
Owner

@rzeszow do you have memcache available? You need some store, and it should preferably not be the database or disk (for performance reasons).

@mhajder
Author

mhajder commented Aug 28, 2017

Yes, I have.

@mevdschee
Owner

You can do something like what is described here:

https://www.leaseweb.com/labs/2015/06/limit-concurrent-php-requests-using-memcache/

@mhajder
Author

mhajder commented Aug 28, 2017

Thanks

@mevdschee
Owner

mevdschee commented Oct 8, 2018

Some design ideas:

If you exceed the provided rate limit for a given endpoint, you will receive the 429 Too Many Requests response.

Rate limits should allow filtering of concurrent requests per IP address.

Rate limits should allow a bucket per "concurrent", "minute", "hour" and/or "day".

@mevdschee
Owner

mevdschee commented Mar 24, 2021

Rate limit scopes should be "per authenticated session" (a specific session key), or "per IP address".

Rate limits may have different buckets for different endpoints.

Rate limits may set 'X-Rate-Limit' headers, see: https://tools.ietf.org/id/draft-polli-ratelimit-headers-00.html#rfc.section.3.1

@mevdschee
Owner

mevdschee commented Mar 24, 2021

We could count query/server time and limit the quota to x milliseconds execution time per hour, to make the quota fairer.

@mevdschee
Owner

mevdschee commented Mar 24, 2021

Rate limiter should error with: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429

maybe a 'Retry-After' header (seems similar to X-Rate-Limit-Reset)
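
Added example, not part of the thread and not php-crud-api code: a fixed-window limiter covering the "minute", "hour" and "day" buckets, a per-IP or per-session scope, and a 429 with `Retry-After`, as sketched in the design ideas above. The function name `rate_limit`, the key layout, the array used in place of memcache and the `X-Rate-Limit-Remaining` header name are assumptions made for illustration; the "concurrent" bucket is not covered.

```php
<?php
// Added example: fixed-window counters per scope and bucket.
// $store is a plain array standing in for memcache (assumption for the demo).
// On a shared cache the counter must be atomic, e.g. Memcached::add($key, 0, $ttl)
// followed by Memcached::increment($key), instead of the read-modify-write below.

const BUCKETS = ['minute' => 60, 'hour' => 3600, 'day' => 86400];

/**
 * Count one request for $scope (an IP address or a session key) and decide.
 * $limits maps bucket name => max requests, e.g. ['minute' => 3, 'hour' => 5].
 * Returns [status, headers]; status is 200 or 429.
 */
function rate_limit(array &$store, string $scope, array $limits, int $now): array
{
    $retryAfter = 0;
    $remaining = PHP_INT_MAX;
    foreach ($limits as $bucket => $max) {
        $size = BUCKETS[$bucket];
        $window = intdiv($now, $size);        // index of the current window
        $key = "rl:$scope:$bucket:$window";   // a new window means a new key
        // Rejected requests are counted too, so hammering does not reset quota.
        $count = $store[$key] = ($store[$key] ?? 0) + 1;
        if ($count > $max) {
            // Seconds until this bucket's window rolls over; keep the longest wait.
            $retryAfter = max($retryAfter, ($window + 1) * $size - $now);
        }
        $remaining = min($remaining, max(0, $max - $count));
    }
    if ($retryAfter > 0) {
        return [429, ['Retry-After' => (string) $retryAfter]];
    }
    return [200, ['X-Rate-Limit-Remaining' => (string) $remaining]];
}

// Constructed demo: 3 requests per minute and 5 per hour for one client address.
$store = [];
$limits = ['minute' => 3, 'hour' => 5];
$t0 = 1700000000; // constructed timestamp
foreach ([0, 1, 2, 3, 61, 62, 63] as $offset) {
    [$status, $headers] = rate_limit($store, '203.0.113.7', $limits, $t0 + $offset);
    printf("t+%02d -> %d %s\n", $offset, $status, json_encode($headers));
}
```

For different buckets per endpoint, include the endpoint name in `$scope`; when the scope is an IP address behind a proxy, take it from a header only if that proxy is trusted to set it.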
