What is Rate Limiter?
In the most general way, Rate Limiter limits the number of requests to access a resource on the system from an agent (user, browser, other server…), in a specified period of time .
Based on some rate limiter techniques, when a certain threshold is breached or reached, those requests will be blocked from accessing the system.
The three factors that I emphasized above: quantity, agent, time are also
Core Concepts of Rate Limiter. Also the focus of today’s post.
Rate Limiter with practical examples
Surely you have also faced or witnessed one of the following cases:
- The PIN of the card has been entered incorrectly more than 5 times, please contact the bank to unlock the card
- In some applications, when you enter the wrong password too many times, you will receive a message, something like:
Số lượng yêu cầu vượt quá mức cho phép(like error 2027 of a fairly famous application in Vietnam)
- Normally, Vietnamese IPs are easily blocked by foreign commercial websites due to previous attacks
- Or when requesting to receive OTP too much in 1 minute, you have to wait for the allotted time to expire before you can request a new OTP message.
If you pay close attention, you will see examples 1&2 related to the quantity factor, example 3 referring to the factor factor, and finally the time factor. This is the heart of Rate Limiter, and a true Rate Limiter often combines all three of the above.
Why Rate Limiter
It is said that it is necessary, but actually depends on your system, if it is small and medium scale, naturally whether or not a system serves the above tasks is not too important.
But when the system reaches a larger scale, you definitely need to ask more questions and concerns for Rate Limiter, as with the following issues:
- Security: the first must be DOS and DDOS, while brute force, credential stuffing attacks or web scraping… for example
- Resource balance: Ensure the server is not overloaded, allocate resources reasonably / fairly for each user on the system
- Cost savings: “controlled” access to resources reduces the increase in system costs.
Some algorithms used in Rate Limiter
Some of the most commonly used algorithms are listed below:
- Leaky Bucket
- Fixed Window Counter
- Slide Window Log
- Slide Window Counter
In the article Part 2 , I will talk about these algorithms in detail. Let’s follow along
Thank you everyone for reading this post