⚠ Switch to EXCALIDRAW VIEW in the MORE OPTIONS menu of this document. ⚠
Text Elements
Requirements:
- Limit the amount of times that a user can access
a service within a set time period.
- A way to distinguish between different users.
- A way to keep track of how many times a user has tried to access the service.
How do we keep track of unique users?
How do we keep track of when a user has logged in?
Client
- IP address
- MAC Address
API
rate limiter
request
too many requests HTTP status
use a key value-store to track each time a user logs in.
bucket cache
{ user1: 5, user2: 3, etc. }
check cache for tokens, decrement if tokens are available
LB
blacklist DB
if user is in the blacklist db, don’t allow.
{ user1: time_to_unblacklist, … }
tunable parameters
rules DB
globally distributed through database replication (master/slave)
rules cache
on a timer, increment all the values in the cache
request