3

I'd like to add a very simple filter doing a per-IP rate-limit but still allowing burst, a bit like what the iptables allows to do.

I don't want install the entire kitchen sink: all I need is one Filter class implementing that functionality.

What would be a good data structure / algorithm allowing to do a simple "rate-limiting-but-with-short-bursts allowed"?

For example I'd like to serve an HTTP error code if the user tries to do more than 'x' GET / POST per minute, but I'd still like to enable that same user to "burst" up to 'y' (where y > x) until he hits the burst cap.

Just for comparision, here's how a similar rate-limitation-with-a-burst can be configured using iptables (it's just an example, to show what I'm talking about, even though in my case it's not about putting a rate-limit+burst on TCP SYN packets):

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 5
Cedric Martin
  • 5,945
  • 4
  • 34
  • 66
  • 2
    I did some analysis of the requests to Apache's svn server looking at exactly this problem. My conclusion was if the required limit was x reqs/min then implementing a limit of nx every n minutes and select n based on what you view as an acceptable burst traffic profile. I ended up setting the limit per day. – Mark Thomas Apr 12 '12 at 16:45

2 Answers2

5

At Java level :

  • Found a rate limiter based on Esper where your build your own query to match your burst requirement.
  • Jetty has a built-in servlet filter
  • A Java library with the built-in blocks to create your own mechanism
  • Camel has a throttle mechanism

But I think it's easier to implement at webserver level

Or with a dedicated server add-on

Community
  • 1
  • 1
mestachs
  • 1,889
  • 15
  • 17
0

you can also look at Guava RateLimiter - it provides a nice starting point for more sophisticated ratelimiters.

Shanmu
  • 938
  • 7
  • 15