Rate limiting is a mechanism that many developers may have to deal with at some point in their life. It’s useful for a variety of purposes like sharing access to limited resources or limiting the number of requests made to an API endpoint and responding with a 429 status code.
In this tutorial, we will see how to implement Rate Limiting using various programming languages:
- Docker Compose
If you install redis manually open django-backend/configuration folder and copy
.env.example to create
.env. And provide the values for environment variables
Install python, pip and venv (on mac: https://installpython3.com/mac/)
Use python version: 3.8
Step 5. Accessing the rate limiting app
This app will block connections from a client after surpassing certain amount of requests (default: 10) per time (default: 10 sec) The application will return after each request the following headers. That will let the user know how many requests they have remaining before the run over the limit. On the 10th run server should return an HTTP status code of 429 Too Many Requests
SETNX is short for "SET if Not eXists". It basically sets key to hold string value if key does not exist. In that case, it is equal to SET. When key already holds a value, no operation is performed. New responses are added key-ip as shown below:
Set a timeout on key:
Next responses are get bucket:
Next responses are changed bucket:
- Node - v12.19.0
- NPM - v6.14.8
- Docker - v19.03.13 (optional)
Copy .env.example to .env and make the changes as per your environment
- REDIS_ENDPOINT_URI: Redis server URI
- REDIS_PASSWORD: Password to the server
- Docker Compose
Open directory server (cd server): copy .env.example to create .env and provide the values for environment variables (if needed).
Install gradle (on mac: https://gradle.org/install/)
Install JDK (on mac: https://docs.oracle.com/javase/10/install/installation-jdk-and-jre-macos.htm)
Point your browser to http://IP:5000 and you will be able to select various requests per second option on the screen. As shown in the above example, the server will allow sending max 10 API requests within a 10 second window.If you send more than that, all additional requests will be blocked
The server will allow sending particular number of requests (permitted_requests_count stored in Redis) within a 10 second window. If you send more than that, all additional requests will be blocked.
- Ruby - v2.7.0
- Rails - v22.214.171.124
- NPM - v7.6.0
Copy config/application.yml.example to config/application.yml
Go to the browser and type https://localhost:3000 to access the app
This app was built using rack-defense gem which will block connections from a client after surpassing certain amount of requests (permitted_requests_count, default: 10) per time (10 seconds).
The application will return response headers after each successful request:
The application will also return request header after each request (including blocking requests) with count of remaining requests:
The permitted_requests_count is stored in Redis store in string format. By default, it's 10. You can set new VALUE with these commands:
IMPORTANT! For the new permitted_requests_count value to take effect you need to restart an app (rails) server after these commands.
You can get permitted_requests_count with this command: