Comments on: How-To: Rack Middleware for API Throttling http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/ Multichannel Messaging Explained Tue, 29 Dec 2009 23:20:56 +0000 http://wordpress.com/ hourly 1 By: Nino http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-73 Nino Tue, 29 Dec 2009 23:20:56 +0000 http://blog.messagepub.com/?p=107#comment-73 @Brian: have you actually gotten this to work? In my experiments and according the documentation, for volatile keys (expired keys), INCR will overwrite the value, treating it as null; your counter will forever be 1 if you use expire. incr('foo',1) # foo = 1 # good incr('foo',1) # foo = 2 # good expire('foo',100) # foo will expire in 100 seconds incr('foo',1) # foo = 1 # bad See this thread: http://groups.google.com/group/redis-db/browse_thread/thread/9de9fdb23d9b04c2 Using a cron job for cleanup seems to be a reasonable approach to this problem @Brian: have you actually gotten this to work?

In my experiments and according the documentation, for volatile keys (expired keys), INCR will overwrite the value, treating it as null; your counter will forever be 1 if you use expire.

incr(‘foo’,1)
# foo = 1 # good
incr(‘foo’,1)
# foo = 2 # good
expire(‘foo’,100)
# foo will expire in 100 seconds
incr(‘foo’,1)
# foo = 1 # bad

See this thread:
http://groups.google.com/group/redis-db/browse_thread/thread/9de9fdb23d9b04c2

Using a cron job for cleanup seems to be a reasonable approach to this problem

]]> By: Brian Hammond http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-70 Brian Hammond Sun, 23 Aug 2009 04:30:42 +0000 http://blog.messagepub.com/?p=107#comment-70 Nevermind this. I just looked how Rack::Auth::Basic actually works :) Nevermind this. I just looked how Rack::Auth::Basic actually works :)

]]> By: Brian Hammond http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-69 Brian Hammond Sun, 23 Aug 2009 03:54:04 +0000 http://blog.messagepub.com/?p=107#comment-69 You might want to actually authenticate the username given against your datastore. Otherwise, an attacker could push someone else over *their* rate limit. You might want to actually authenticate the username given against your datastore. Otherwise, an attacker could push someone else over *their* rate limit.

]]> By: Brian Hammond http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-68 Brian Hammond Thu, 13 Aug 2009 18:05:39 +0000 http://blog.messagepub.com/?p=107#comment-68 FYI Redis supports key expiration. http://code.google.com/p/redis/wiki/ExpireCommand INCR then EXPIRE a key. The nice part about the EXPIRE command is that you get a running rate limiter, as a pending expiration is removed after you change a value. INCR key, EXPIRE key 3600. @Leather - not everyone can control the nginx config (e.g. when hosted on Heroku). FYI Redis supports key expiration.

http://code.google.com/p/redis/wiki/ExpireCommand

INCR then EXPIRE a key.

The nice part about the EXPIRE command is that you get a running rate limiter, as a pending expiration is removed after you change a value.

INCR key, EXPIRE key 3600.

@Leather – not everyone can control the nginx config (e.g. when hosted on Heroku).

]]> By: Stevie http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-47 Stevie Tue, 09 Jun 2009 16:04:52 +0000 http://blog.messagepub.com/?p=107#comment-47 @Leather, Limit_req is great, but it doesn't have flexibility of a higher level tool like ApiThrottling. Being able to limit on a per-user basis make ApiThrottling a heck of a lot more useful. It's pretty common with API services to limit requests based on contractual agreements (pay more for a higher guaranteed throughput, etc). This could be built into ApiThrottling without much work. Also, starting off a comment with "this is stupid" is pretty asinine, especially when you obviously haven't spent the time to understand what ApiThrottling gives you. Luc has made something really great here, and trolling just makes you look, well, stupid. @Leather,

Limit_req is great, but it doesn’t have flexibility of a higher level tool like ApiThrottling. Being able to limit on a per-user basis make ApiThrottling a heck of a lot more useful. It’s pretty common with API services to limit requests based on contractual agreements (pay more for a higher guaranteed throughput, etc). This could be built into ApiThrottling without much work.

Also, starting off a comment with “this is stupid” is pretty asinine, especially when you obviously haven’t spent the time to understand what ApiThrottling gives you. Luc has made something really great here, and trolling just makes you look, well, stupid.

]]> By: How-To: Rack Middleware for API Throttling - Daemian Mack http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-35 How-To: Rack Middleware for API Throttling - Daemian Mack Fri, 15 May 2009 20:05:05 +0000 http://blog.messagepub.com/?p=107#comment-35 [...] Rack Middleware for API Throttling I will show you a technique to impose a rate limit (aka API Throttling) on a Ruby Web Service. I will be using Rack middleware so you can use this no matter what Ruby Web Framework you are [...] [...] Rack Middleware for API Throttling I will show you a technique to impose a rate limit (aka API Throttling) on a Ruby Web Service. I will be using Rack middleware so you can use this no matter what Ruby Web Framework you are [...]

]]> By: Luc Castera http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-34 Luc Castera Fri, 15 May 2009 16:39:19 +0000 http://blog.messagepub.com/?p=107#comment-34 Leather, Thanks for your comment. I did look at the limit_req module but the documentation was sparse and it didn't seem to be able to limit connections per user. If you have used limit_req before, it would be great if you could write about it and share your knowledge since there is so little documentation on it. I would love to see a solution to this problem using limit_req module. Rack and redis are not really a overhead. All Ruby frameworks use rack it and if you run any modern Ruby web framework, you are already using it heavily + we are using Redis for other stuff to so it is part of our infrastructure. If you do not want to use Redis and have Memcached already running, you could easily adapt this code to use memcached instead (see Mike's comment earlier). Leather,

Thanks for your comment. I did look at the limit_req module but the documentation was sparse and it didn’t seem to be able to limit connections per user.

If you have used limit_req before, it would be great if you could write about it and share your knowledge since there is so little documentation on it. I would love to see a solution to this problem using limit_req module.

Rack and redis are not really a overhead. All Ruby frameworks use rack it and if you run any modern Ruby web framework, you are already using it heavily + we are using Redis for other stuff to so it is part of our infrastructure. If you do not want to use Redis and have Memcached already running, you could easily adapt this code to use memcached instead (see Mike’s comment earlier).

]]> By: Leather Donut http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-33 Leather Donut Fri, 15 May 2009 16:01:16 +0000 http://blog.messagepub.com/?p=107#comment-33 This is stupid. Use the right tool for the right problem. There is no need to include all of this at such a high level. For example, nginx has the limit_req directive that works perfectly for something like this. There is no need to incur all the additional overhead of rack, redis blah blah blah. This is stupid.

Use the right tool for the right problem. There is no need to include all of this at such a high level.

For example, nginx has the limit_req directive that works perfectly for something like this. There is no need to incur all the additional overhead of rack, redis blah blah blah.

]]> By: Dev Blog AF83 » Blog Archive » Veille technologique : Infrastructure Ruby Rails, HTML, Javascript, Tutoriels, Git, Regexp http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-32 Dev Blog AF83 » Blog Archive » Veille technologique : Infrastructure Ruby Rails, HTML, Javascript, Tutoriels, Git, Regexp Mon, 11 May 2009 22:16:39 +0000 http://blog.messagepub.com/?p=107#comment-32 [...] http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/ : un tutoriel pour faire de l’API throttling grâce à Rake (l’API throttling est une pratique qui consiste à limiter le nombre d’appels qu’un client peut faire à une service web) [...] [...] http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/ : un tutoriel pour faire de l’API throttling grâce à Rake (l’API throttling est une pratique qui consiste à limiter le nombre d’appels qu’un client peut faire à une service web) [...]

]]> By: Ben Reubenstein http://blog.messagepub.com/2009/05/05/how-to-rack-middleware-for-api-throttling/#comment-31 Ben Reubenstein Sun, 10 May 2009 17:57:40 +0000 http://blog.messagepub.com/?p=107#comment-31 Glad to see some great examples of how to use Rack. Unless I was attending the wrong sessions, I felt RailsConf was very light on solid examples. Glad to see some great examples of how to use Rack. Unless I was attending the wrong sessions, I felt RailsConf was very light on solid examples.

]]>