What is the best way to implement a rate-limiting algorithm for web requests?

c# asp.net algorithm throttling rate-limiting
Lamar picture Lamar · Sep 20, 2009 · Viewed 28k times · Source

Possible/partial duplicates:

I am looking for the best way to implement a moving time window rate limiting algorithm for a web application to reduce spam or brute force attacks.

Examples of use would be "Maximum number of failed login attempts from a given IP in the last 5 minutes", "Maximum number of (posts/votes/etc...) in the last N minutes".

I would prefer to use a moving time window algorithm, rather than a hard reset of statistics every X minutes (like twitter api).

This would be for a C#/ASP.Net app.

Answer

ZZ Coder picture ZZ Coder · Sep 20, 2009

We found out Token Bucket is better algorithm for this kind of rate-limiting. It's widely used in routers/switches so our operation folks are more familiar with the concept.

Related questions

How to get the URL of the current page in C#

Can anyone help out me in getting the URL of the current working page of ASP.NET in C#?

Read More
How do you set the Content-Type header for an HttpClient request?

I'm trying to set the Content-Type header of an HttpClient object as required by an API I am calling. I tried setting the Content-Type like below: using (var httpClient = new HttpClient()) { httpClient.BaseAddress = new Uri("http://example.com/"); httpClient.DefaultRequestHeaders.…

Read More
The request was aborted: Could not create SSL/TLS secure channel

We are unable to connect to an HTTPS server using WebRequest because of this error message: The request was aborted: Could not create SSL/TLS secure channel. We know that the server doesn't have a valid HTTPS certificate with the …

Read More