#ratelimiting — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ratelimiting, aggregated by home.social.
-
Modernizing .NET Part 26! 🛡️
Today we’re implementing the Rate Limiting Middleware in ASP.NET Core.
✅ Concurrency control
✅ Stable response times under load
✅ No more cascading failures
https://medium.com/@michael.kopt/%EF%B8%8F-modernizing-net-part-26-implementing-rate-limiting-middleware-in-asp-net-core-29eb8451d762
#dotnet #csharp #dotnetcore #aspnet #aspnetcore #ratelimiting #performance -
🛡️ The Throttling pattern addresses system protection in distributed environments by implementing rate limiting mechanisms that control request processing rates. By using algorithms like Token Bucket, Sliding Window, and Fixed Window, applications can ensure fair resource allocation while preventing system overload.
💡 The key insight is that not all traffic is equal — by implementing intelligent rate limiting with proper monitoring and configuration, systems can maintain stability even during unexpected traffic spikes.
#DistributedSystems #SystemArchitecture #RateLimiting #SystemProtection #SoftwareEngineering
-
#Development #Challenges
Webspace invaders · Let’s level up our anti-AI scraping game! https://ilo.im/16ahl8_____
#AI #Crawlers #RobotsTxt #RateLimiting #WAFs #Cloudflare #IndieWeb #WebDev #Frontend #Backend -
One ring to rule them all: combining rate limiting, retries and a circuit breaker in one library
I felt like a clown plugging in a 5th library to write a fault-tolerant API client. After that I wrote a library that brings it all together. The motivation and the history of the architectural decisions.
https://habr.com/ru/articles/992902/
#отказоустойчивость #отказоустойчивые_решения #отказоустойчивые_системы #отказоустойчивая_архитектура #python #ratelimiting #retry #pypi
-
📌 Quick guide to Rate Limiting for APIs:
🛑 Stop clients from “knocking over” the API by setting limits.
🔧 Start with a simple in-memory solution; scale out using Redis to support multiple servers.
☁️ Or use a cloud API Gateway (AWS, GCP) to auto-scale and protect against DDoS.
⏱️ Apply token-bucket, return the X-Rate-Limit header and a 429 code along with retry-after.
📈 Monitor violations, set limit levels by tier (user, IP).
#API #RateLimiting #Redis #APIGateway #Tech #Lập_trình #Công_nghệ #Bảo_mật
-
Simple rate limiting with Nginx.
-
The WhatsApp flaw that exposed the phone numbers of 3.5 billion users
Researchers at the University of Vienna discovered that a security vulnerability, known to Meta since 2017, made it possible to extract the phone numbers of 3.5 billion WhatsApp users worldwide. The flaw lay in the absence of rate limiting in the "contact discovery" feature, which made mass scraping of numbers easy for attackers. Fortunately, Meta implemented stricter protections in October 2025 to fix this flaw (Source and Data).
A team of security researchers at the University of Vienna in Austria has revealed a critical and simple vulnerability in WhatsApp that, when exploited, allowed the potential exposure of the phone numbers of billions of users.
The Design Flaw and Scraping
The vulnerability was found in the basic WhatsApp function that lets users look up a phone number to check whether it is registered on the platform. The researchers discovered that WhatsApp lacked rate-limiting protection, a security measure that prevents abuse of that function.
- Mass Exploitation: By exploiting this flaw, the researchers were able to test sequences of phone numbers in bulk. In just half an hour, they managed to extract 30 million WhatsApp numbers registered in the United States. By the end of their research, they had collected the phone numbers of 3.5 billion users worldwide.
- Profile Exposure: The lack of limiting exposed not only the numbers but also profile information. The researchers were able to collect the profile photos of 57% of those users and see the profile text of 29%, since these users' privacy settings allowed public viewing.
Meta's Lack of Prior Action
Most worrying is that Meta, WhatsApp's parent company, had known of a similar flaw since 2017, reported by another group of researchers. At that time, Meta did not take sufficient action. The Austrian researchers reported their findings to Meta in April of the current year, warning of the serious risk that malicious actors could use the trick to steal data at scale.
Fortunately, in October 2025, Meta finally imposed a stricter rate-limiting measure, which stops the possibility of performing contact discovery at massive scale. The researchers have confirmed that they have securely deleted their collected database.
The incident underscores the need for applications with end-to-end encryption (such as WhatsApp, which promotes its security) to also implement basic platform-level protections, an area where competitors such as Signal were already ahead.
#arielmcorg #ciberseguridad #infosertec #meta #numerosdetelefono #portada #privacidad #ratelimiting #scraping #seguridad #tecnologia2 #vulnerabilidad #whatsapp
-
#Development #Approaches
Rate-limiting requests with Nginx · An alternative approach to counter AI crawlers https://ilo.im/168axr_____
#RateLimiting #Nginx #WebServer #AI #Scrapers #RobotsTxt #DevOps #WebDev #Backend -
How not to take down an API: rate limiting in Python
A story about how I accidentally DDoSed an internal API while processing 10 million vectors. And how asyncio.Semaphore saved me.
-
I did a quick and simple proof of concept to test request throughput control in Go (an HTTP API in Go receiving traffic). I implemented it from scratch, without taking an example from documentation, without any Copilot-style suggestion, without reading any reference.
Considering my average skills, it turned out quite efficient and gave the expected results. Score 10/10.
-
I am wondering how website admins feel about HTTP rate limiting.
If a rate limit is declared both in the documentation, and is exposed through headers, and I implement the HTTP client with a token bucket rate limiter that behaves exactly as requested by the documentation (N requests every M time), are the admins happy?
I presume, if the server was 'unhappy' in any way, it could issue a GOAWAY error, in which case I can back off. But if I stay very close to the rate limit and simply continuously do requests (24/7), is that something that the server admins will be happy about?
-
Reddit appears to be mildly struggling with a sudden influx of traffic over Tor; hopefully they will make some tweaks to help it real soon now
See the image; similar overloading also seems to be affecting the Reddit Onion site.
I can’t think why it’s happening, but I’m sure they will sort it out soon. Vulnerable people are being prevented from accessing any content which is labelled as NSFW, including: alcoholism recovery, bulimia, domestic violence discussions…
Oh, and porn.
-
🎉 Welcome to "Sagyam's Super Fun Guide to Rate Limiting" - because who wouldn't want to spend their weekend playing with token buckets? 💼🤖 Forget Netflix and chilling, it's all about server starvation prevention! 🙃📉
https://blog.sagyamthapa.com.np/interactive-guide-to-rate-limiting #SagyamGuide #RateLimiting #TokenBuckets #ServerStarvation #FunLearning #HackerNews #ngated -
An Interactive Guide to Rate Limiting
https://blog.sagyamthapa.com.np/interactive-guide-to-rate-limiting
#HackerNews #InteractiveGuide #RateLimiting #TechTutorials #WebDevelopment #CodingBestPractices
-
Updated rate limits for unauthenticated requests
https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/
#HackerNews #UpdatedRateLimits #UnauthenticatedRequests #HackerNews #APIChanges #RateLimiting #TechNews
-
🚀 Oh wow, #Supabase is now officially the golden child of the "Too Many Requests" club, raising $200M to ensure even MORE requests get queued. 🙄 I guess their new valuation proves that rate limiting is the new black in tech fashion! 💸
https://finance.yahoo.com/news/exclusive-supabase-raises-200-million-112154867.html #TooManyRequests #TechFashion #FundingSuccess #RateLimiting #HackerNews #ngated -
#ReleaseMonday — One of the recent (already very useful!) new package additions to #ThingUmbrella is:
Leaky buckets are commonly used in communication networks for rate limiting, traffic shaping and bandwidth control, but are equally useful in other domains requiring similar constraints.
A Leaky Bucket is a managed counter with an enforced maximum value (i.e. bucket capacity). The counter is incremented for each new event to check if it can/should be processed. If the bucket capacity has already been reached, the bucket will report an overflow, which we can then handle accordingly (e.g. by dropping or queuing events). The bucket also has a configurable time interval at which the counter is decreasing (aka the "leaking" behavior) until it reaches zero again (i.e. until the bucket is empty). Altogether, this setup can be utilized to ensure both an average rate, whilst also supporting temporary bursting in a controlled fashion...
Related, I've also updated/simplified the rate limiter interceptor in https://thi.ng/server to utilize this new package...
#ThingUmbrella #DataStructure #RateLimiting #OpenSource #TypeScript #JavaScript
-
In a night build of my hobby app, Trello apparently gave me CAPTCHA as a response to a valid API request with a valid API token 😀 Innovative approach to API rate-limiting! I hope this was just a bug on their side…
-
Rate limiting in Supabase? Cron UI? Get it in #2 of my newsletter
https://news.supa.guide/p/2-rate-limiting-with-supabase-and-a-cron-ui
-
https://code-maze.com/aspnetcore-web-api-rate-limiting/ - #RateLimiting in #ASPnet Core #APIs: https://github.com/stefanprodan/AspNetCoreRateLimit is great for most scenarios, but builds their own to learn.
-
#RateLimiting is an age-old #ReverseProxy feature focused on protecting against DDoS attacks. It treats all clients the same and is purely technical. In this day and age, most #API providers offer different subscription tiers; the higher the tier, the higher the rate limit, and the more you pay incidentally. It’s not technical anymore and requires differentiating between clients.
In this post, I want to detail how to do it with #ApacheAPISIX.
-
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
-
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts - Enlarge / They look like normal notifications, but opening an iPhone wi... - https://arstechnica.com/?p=2012822 #mobilephishing #passwordreset #ratelimiting #security #phishing #biz #icloud #apple
-
In one of the conversations about the great spam attack that happened this weekend, someone mentioned that some sort of rate limiting for new users might help mitigate this sort of thing in future.
I think that's not a bad idea, hey? A brand new user shouldn't be able to post more than, say, 60 times per hour (perhaps exclude Boosts from that, because Boosting is so quick and easy). And that limit gets removed once they've made their 100th legitimate post.
Obviously, some Fediverse server software might implement this while others may not, so it's important that it's implemented at the API level for incoming posts. If the user's home server doesn't enforce the rate limiting, but your server does, then your server shouldn't accept more than 60 incoming requests from that user per hour.
What do you think, @Gargron? Obviously make the limit configurable, but 60 (excluding Boosts) is probably a sensible default, no? 🤔
-
👉 Depending solely on an #apigateway for API security can result in data breaches, fines, and downtime, damaging customer trust.
Here are some of the shortcomings in the API gateway that you should consider over a #WAAP to better protect your business.
Understand more about the difference between a WAAP vs. API Gateway in this blog: https://bit.ly/3QYuR0P
#apisecurity #apis #apiapplications #apimanagement #ddos #ratelimiting #apiprotection #apidiscovery #owaspapitop10 #apptrana #indusface
-
👉 Relying on an #api gateway for API security?
This blog uncovers the key #apisecurity capabilities and limitations of an API Gateway.
Learn more: https://bit.ly/3QYuR0P
#apigateway #apis #apiapplications #apimanagement #ddos #ratelimiting #apiprotection #apidiscovery #waap #owaspapitop10 #apptrana #indusface