Rate Limiting
Rate limiting is an essential security mechanism that controls the number of connections per IP address within a given time interval.
Configuration
To enable rate limiting, add the following configuration to your config.yaml file:
yaml
security:
rateLimiter:
# Maximum number of requests allowed per time window
requestLimit: 10
# Duration of the time window (in seconds)
windowDuration: 1
# Block duration after limit exceeded (in seconds)
blockDuration: 300Parameters
| Parameter | Description | Default Value |
|---|---|---|
requestLimit | Maximum number of requests | 10 |
windowDuration | Window duration (seconds) | 1 |
blockDuration | Block duration (seconds) | 300 |
Operation
- A sliding window is maintained for each IP address
- Each new connection increments a counter
- If the counter exceeds
requestLimitwithin the window:- The IP is blocked for
blockDuration - New connections are rejected
- An error message is sent to the client
- The IP is blocked for
DDoS Protection
Rate limiting is part of the DDoS protection strategy along with:
- IP filtering
### NOT IMPLEMENTED ### - Subnet limitations
### NOT IMPLEMENTED ### - Adaptive thresholds
### NOT IMPLEMENTED ### - Temporary blacklist
### NOT IMPLEMENTED ###
Configuration Examples
Basic Configuration
yaml
security:
rateLimiter:
requestLimit: 10
windowDuration: 1Strict Configuration
yaml
security:
rateLimiter:
requestLimit: 5
windowDuration: 1
blockDuration: 600Monitoring - Not implemented
The rate limiter will expose metrics in the future:
- Number of blocked connections
- Currently blocked IPs
- Block rate
- Connection spikes
See Monitoring for more details.