home.social

#ratelimiting — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ratelimiting, aggregated by home.social.

  1. Modernizing .NET Part 26! 🛡️

    Today we’re implementing the Rate Limiting Middleware in ASP.NET Core.

    ✅ Concurrency control
    ✅ Stable response times under load
    ✅ No more cascading failures

    medium.com/@michael.kopt/%EF%B

    #dotnet #csharp #dotnetcore #aspnet #aspnetcore #ratelimiting #performance

  3. 🛡️ The Throttling pattern addresses system protection in distributed environments by implementing rate limiting mechanisms that control request processing rates. By using algorithms like Token Bucket, Sliding Window, and Fixed Window, applications can ensure fair resource allocation while preventing system overload.

    💡 The key insight is that not all traffic is equal — by implementing intelligent rate limiting with proper monitoring and configuration, systems can maintain stability even during unexpected traffic spikes.

    #DistributedSystems #SystemArchitecture #RateLimiting #SystemProtection #SoftwareEngineering

    newsletter.shiftelevate.dev/p/

  8. One ring to rule them all: combining rate limiting, retries and a circuit breaker in one library

    I felt like a clown plugging in a fifth library to write a fault-tolerant API client. After that, I wrote a library that brings it all together. The motivation and the history of the architectural decisions.

    habr.com/ru/articles/992902/

    #отказоустойчивость #отказоустойчивые_решения #отказоустойчивые_системы #отказоустойчивая_архитектура #python #ratelimiting #retry #pypi

  12. 📌 Quick guide to rate limiting for APIs:
    🛑 Prevent clients from "taking down" the API by setting limits.
    🔧 Start with a simple in‑memory solution; scale out with Redis to support multiple servers.
    ☁️ Or use a cloud API Gateway (AWS, GCP) for automatic scaling and DDoS protection.
    ⏱️ Apply a token bucket, return the X‑Rate‑Limit header and a 429 status code with retry‑after.
    📈 Monitor violations, and set limit levels per tier (user, IP).

    #API #RateLimiting #Redis #APIGateway #Tech #Lập_trình #Công_nghệ #Bảo_mật

  13. The WhatsApp flaw that exposed the phone numbers of 3.5 billion users

    Researchers at the University of Vienna found that a security vulnerability, known to Meta since 2017, made it possible to extract the phone numbers of 3.5 billion WhatsApp users worldwide. The flaw lay in the absence of rate limiting in the "contact discovery" feature, which made mass scraping of numbers easy for attackers. Fortunately, Meta implemented stricter protections in October 2025 to fix this flaw (Source and Data).

    A team of security researchers at the University of Vienna in Austria has disclosed a critical and simple vulnerability in WhatsApp that, when exploited, allowed the potential exposure of the phone numbers of billions of users.

    The Design Flaw and the Scraping

    The vulnerability was found in the basic WhatsApp feature that lets users look up a phone number to check whether it is registered on the platform. The researchers found that WhatsApp lacked rate-limiting protection, a security measure that prevents abuse of this feature.

    • Mass Exploitation: By exploiting this flaw, the researchers were able to test sequences of phone numbers in bulk. In just half an hour, they managed to extract 30 million WhatsApp numbers registered in the United States. By the end of their research, they had collected the phone numbers of 3.5 billion users worldwide.
    • Profile Exposure: The lack of limiting exposed not only the numbers but also profile information. The researchers were able to collect the profile photos of 57% of those users and view the profile text of 29%, since these users' privacy settings allowed public viewing.

    Meta's Lack of Prior Action

    Most worrying is that Meta, WhatsApp's parent company, had known of a similar flaw since 2017, reported by another group of researchers. At that time, Meta did not take sufficient action. The Austrian researchers reported their findings to Meta in April of this year, warning of the serious risk that malicious actors could use the trick to steal data at large scale.

    Fortunately, in October 2025, Meta finally imposed a stricter rate-limiting measure, which stops the possibility of performing contact discovery at massive scale. The researchers have confirmed that they have securely deleted their database of collected data.

    The incident underscores the need for end-to-end encrypted applications (such as WhatsApp, which promotes its security) to also implement basic platform-level protections, an area where competitors such as Signal were already ahead.

    #arielmcorg #ciberseguridad #infosertec #meta #numerosdetelefono #portada #privacidad #ratelimiting #scraping #seguridad #tecnologia2 #vulnerabilidad #whatsapp

  14. How not to take down an API: rate limiting in Python

    A story about how I accidentally DDoSed an internal API while processing 10 million vectors. And how asyncio.Semaphore saved me.

    habr.com/ru/articles/963880/

    #python #asyncio #semaphore #ratelimiting #performance

  15. I built a quick and simple proof of concept to test request throughput control in Go (an HTTP API in Go receiving traffic). I implemented it from scratch, without taking an example from documentation, without suggestions from Copilot or the like, without reading any reference.

    Considering my average skills, it turned out quite efficient and gave the expected results. Score 10/10.

    #golang #ratelimiting #rate

  16. I am wondering how website admins feel about HTTP rate limiting.

    If a rate limit is declared both in the documentation, and is exposed through headers, and I implement the HTTP client with a token bucket rate limiter that behaves exactly as requested by the documentation (N requests every M time), are the admins happy?

    I presume, if the server was 'unhappy' in any way, it could issue a GOAWAY error, in which case I can back off. But if I stay very close to the rate limit and simply continuously do requests (24/7), is that something that the server admins will be happy about?

    #http #curl #golang #webdev #api #ratelimiting

  17. Reddit appears to be mildly struggling with a sudden influx of traffic over Tor; hopefully they will make some tweaks to help it real soon now

    See the image; similar overloading also seems to be affecting the Reddit Onion site.

    I can’t think why it’s happening, but I’m sure they will sort it out soon. Vulnerable people are being prevented from accessing any content which is labelled as NSFW, including: alcoholism recovery, bulimia, domestic violence discussions…

    Oh, and porn.

    #ageVerification #feed #overload #rateLimiting #reddit #tor

  18. 🎉 Welcome to "Sagyam's Super Fun Guide to Rate Limiting" - because who wouldn't want to spend their weekend playing with token buckets? 💼🤖 Forget Netflix and chilling, it's all about server starvation prevention! 🙃📉
    blog.sagyamthapa.com.np/intera #SagyamGuide #RateLimiting #TokenBuckets #ServerStarvation #FunLearning #HackerNews #ngated

  21. 🚀 Oh wow, #Supabase is now officially the golden child of the "Too Many Requests" club, raising $200M to ensure even MORE requests get queued. 🙄 I guess their new valuation proves that rate limiting is the new black in tech fashion! 💸
    finance.yahoo.com/news/exclusi #TooManyRequests #TechFashion #FundingSuccess #RateLimiting #HackerNews #ngated

  25. #ReleaseMonday — One of the recent (already very useful!) new package additions to #ThingUmbrella is:

    thi.ng/leaky-bucket

    Leaky buckets are commonly used in communication networks for rate limiting, traffic shaping and bandwidth control, but are equally useful in other domains requiring similar constraints.

    A Leaky Bucket is a managed counter with an enforced maximum value (i.e. bucket capacity). The counter is incremented for each new event to check if it can/should be processed. If the bucket capacity has already been reached, the bucket will report an overflow, which we can then handle accordingly (e.g. by dropping or queuing events). The bucket also has a configurable time interval at which the counter is decreasing (aka the "leaking" behavior) until it reaches zero again (i.e. until the bucket is empty). Altogether, this setup can be utilized to ensure both an average rate, whilst also supporting temporary bursting in a controlled fashion...

    Related, I've also updated/simplified the rate limiter interceptor in thi.ng/server to utilize this new package...

    #ThingUmbrella #DataStructure #RateLimiting #OpenSource #TypeScript #JavaScript

  26. In a night build of my hobby app, Trello apparently gave me CAPTCHA as a response to a valid API request with a valid API token 😀 Innovative approach to API rate-limiting! I hope this was just a bug on their side…

    #trello #api #atlassian #ratelimiting

  27. #RateLimiting is an age-old #ReverseProxy feature focused on protecting against DDoS attacks. It treats all clients the same and is purely technical. In this day and age, most #API providers offer different subscription tiers; the higher the tier, the higher the rate limit, and the more you pay incidentally. It’s not technical anymore and requires differentiating between clients.

    In this post, I want to detail how to do it with #ApacheAPISIX.

    blog.frankel.ch/different-rate

  28. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  33. “MFA Fatigue” attack targets iPhone owners with endless password reset prompts - They look like normal notifications, but opening an iPhone wi... - arstechnica.com/?p=2012822 #mobilephishing #passwordreset #ratelimiting #security #phishing #biz #icloud #apple

  34. In one of the conversations about the great spam attack that happened this weekend, someone mentioned that some sort of rate limiting for new users might help mitigate this sort of thing in future.

    I think that's not a bad idea, hey? A brand new user shouldn't be able to post more than, say, 60 times per hour (perhaps exclude Boosts from that, because Boosting is so quick and easy). And that limit gets removed once they've made their 100th legitimate post.

    Obviously, some Fediverse server software might implement this while others may not, so it's important that it's implemented at the API level for incoming posts. If the user's home server doesn't enforce the rate limiting, but your server does, then your server shouldn't accept more than 60 incoming requests from that user per hour.

    What do you think, @Gargron? Obviously make the limit configurable, but 60 (excluding Boosts) is probably a sensible default, no? 🤔

    #SpamAttack #Fediverse #Security #RateLimiting

  35. 👉 Depending solely on an #apigateway for API security can result in data breaches, fines, and downtime, damaging customer trust.

    Here are some of the shortcomings in the API gateway that you should consider over a #WAAP to better protect your business.

    Understand more about the difference between a WAAP vs. API Gateway in this blog: bit.ly/3QYuR0P

    #apisecurity #apis #apiapplications #apimanagement #ddos #ratelimiting #apiprotection #apidiscovery #owaspapitop10 #apptrana #indusface
