An alternative approach to rate limiting
Nikrad Mahdi

I am confused — How was it worthwhile to optimize 20 Mb worth of ram for a use case for 10k users? How does that not scale? What kind of QPS planning assumptions am I missing that makes that that not scale?

Also, rate-limiting is a solution, but a better solution is implementing something that detects non-browser users via things like: ability to store cookies, ip reputation, deduping multiple users from same ips, execution of javascript, hidden captcha verification, etc.

Rate limiting is nice, but there are other tools and techniques to defend against this.

Show your support

Clapping shows how much you appreciated Alexey Malafeev’s story.