0

I have an issue with the rate limit concept. I have tried to create a POC where we are blocking the number of requests based on time, and it's working fine. But I need to implement the rate limit on a user-by-user basis. In my application, different users can search for products in parallel; if I implement the rate limit, it blocks all users, not a single user. Can anyone help here?

I have created the POC for the rate limit and I can see it is applied to all users. Let's take an example as below:

1. Suppose for my application I keep 5 requests per minute. The 6th request will be blocked and give an error message.
2. But what about the other user? He has not searched yet, and when he tries to search he will also get the same exception.

1 Answer

0

First of all, your implementation sounds on point, as it is doing what is expected of a rate-limiting feature.

The only part where you are falling behind is implementing this feature on a per-user basis, which can be done on the basis of an identifier by which we can separate out every user.

In a general use case, one can have a username+sessionid as a unique identifier to implement rate limiting on the user level which will solve your issue.

You can use a database or cache to understand or keep track of current hits being done to the server and then compare it with the rate-limiting logic you have in place.

That being said, this is a very requirement-specific implementation, but I hope I gave you a starting point to work from.

Suchandra T
  • Hi Suchandra, thanks for the valuable suggestion. Could you please send me the sample code to implement this using username+sessionid? – Nihar Ranjan Khatua Apr 03 '23 at 05:49
  • Sure, this is nicely explained with all the code over here: https://stackoverflow.com/questions/44042412/how-to-set-rate-limit-for-each-user-in-spring-boot This works beautifully at the IP level, which is one of the user identifiers. Please accept the answer if this helped you in your current task. – Suchandra T Apr 03 '23 at 05:53
  • Yes, I have tried this code in my application, but the problem is that in my application I am getting the same IP address for all users, so it's very difficult to identify the user I need to block. Example: when I am trying to access the common server, it will always give the same IP address to all users. – Nihar Ranjan Khatua Apr 03 '23 at 06:29
  • So Nihar, if you go through it carefully, X-Forwarded-For is like an IP of the last hop of the request. By any chance, is your application running behind a proxy? – Suchandra T Apr 03 '23 at 06:31
  • Yes, it is running based on a proxy address. – Nihar Ranjan Khatua Apr 03 '23 at 07:37
  • That's why it's not possible based on IP address, because it will always create the same IP address for all users. – Nihar Ranjan Khatua Apr 03 '23 at 07:38
  • Is there any alternative way instead of IP address? I have already tested with IP address; for my case, IP address is not the proper way to handle my scenario. – Nihar Ranjan Khatua Apr 03 '23 at 07:48
  • Nihar, so IP address is just one unique identifier. What does your request look like? Do we have any client-related info which we send along with the request, or more specifically any unique header in the request? – Suchandra T Apr 03 '23 at 07:57
  • No, I have checked that also; there is no unique identifier in the request. – Nihar Ranjan Khatua Apr 03 '23 at 08:50
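
An added example, not code from the question, the answer or the linked post: a fixed-window limiter keyed on the username+sessionid identifier the answer suggests, using the question's 5 requests per minute. The class, method names and sample identities are hypothetical, and it assumes the key is built server-side from the authenticated session rather than from the client IP, which the comments note is identical for every user behind the proxy.

```java
import java.util.concurrent.ConcurrentHashMap;

// Added example: per-user fixed-window rate limiter (hypothetical class, not from the page).
public class PerUserRateLimiter {
    private static final class Window {
        final long start;  // window start, milliseconds
        final int count;   // requests seen in this window
        Window(long start, int count) { this.start = start; this.count = count; }
    }

    private final int limit;
    private final long windowMillis;
    private final ConcurrentHashMap<String, Window> windows = new ConcurrentHashMap<>();

    public PerUserRateLimiter(int limit, long windowMillis) {
        this.limit = limit;
        this.windowMillis = windowMillis;
    }

    // Build the key from server-side authenticated values only. The length
    // prefix keeps ("ab","c") and ("a","bc") from mapping to the same key.
    public static String keyFor(String username, String sessionId) {
        return username.length() + ":" + username + ":" + sessionId;
    }

    // compute() is atomic per key, so parallel requests from one user cannot
    // slip past the limit, and other users' counters are never touched.
    public boolean tryAcquire(String key, long nowMillis) {
        Window w = windows.compute(key, (k, old) -> {
            if (old == null || nowMillis - old.start >= windowMillis) {
                return new Window(nowMillis, 1);
            }
            return new Window(old.start, Math.min(old.count + 1, limit + 1));
        });
        return w.count <= limit;
    }

    // Call periodically so idle users do not grow the map without bound.
    public void evictExpired(long nowMillis) {
        windows.entrySet().removeIf(e -> nowMillis - e.getValue().start >= windowMillis);
    }

    public static void main(String[] args) {
        PerUserRateLimiter rl = new PerUserRateLimiter(5, 60_000);
        String alice = keyFor("alice", "sess-A");  // constructed sample identities
        String bob = keyFor("bob", "sess-B");
        for (int i = 1; i <= 6; i++) {
            System.out.println("alice #" + i + " allowed=" + rl.tryAcquire(alice, i));
        }
        System.out.println("bob #1 allowed=" + rl.tryAcquire(bob, 7));
        System.out.println("alice next window allowed=" + rl.tryAcquire(alice, 60_001));
    }
}
```

In a multi-instance deployment the map would be replaced by the shared cache or database the answer mentions, so that all instances see the same per-user counter.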