Rate limiting in web server

Asked Nov 18 '20 at 14:53

Active Nov 24 '20 at 20:16

Viewed 93 times

How do web servers implement rate-limiting, for example, from a particular client/user?

The doubt is, the server has to first "get" the request, and if the threshold has reached, deny. In this process, isn't the server using its resources.

For example:

In the server, we may have logic like this (assuming socket programming).

void acceptConnection() {

    while(true) {

       int i = accept();
        
       // rest of logic

    }
}

My doubt starts with this: The server will be listening on a socket/port, so even if it may deny a client, but the server is still listening to fake calls, doesn't that also contribute to DOS? For example, doesn't the server execute accept() before rejecting a fake call; so in a way, a part of code is getting executed?

edited Nov 24 '20 at 20:16

halfer

19,824
17
99
186

asked Nov 18 '20 at 14:53

CuriousMind

8,301
22
65
134

https://stackoverflow.com/questions/3947621/how-can-i-limit-bandwidth-in-java – secdet Nov 18 '20 at 15:53
My doubt is; doesn't it still execute part of the code and if invoked at a very high rate will bring it down? – CuriousMind Nov 18 '20 at 15:58
1

exactly thats what a ddos does – secdet Nov 18 '20 at 15:59
Then who blocks that? if part of code has inevitably being invoked, who will block? – CuriousMind Nov 18 '20 at 16:03
if you mean the ddos attacks: a seperate server which functionates like a gate with a antiddos software on it – secdet Nov 18 '20 at 16:30

Rate limiting in web server

0 Answers0