Rate limit

A distributed denial‑of‑service (DDoS) attack is an attempt to make a service, usually a website, unavailable by bombarding it with so much traffic from multiple machines that the server providing the service is no longer able to function correctly.

• DDoS attacks are carried out by software programs (bots)
• systems that don’t handle large numbers of concurrent connections well
• opening a large number of connections and keeping them active
• exhaust the system’s capacity for new connections
• sending a large number of requests or very large requests

How to prevent DDOS:¶

• limiting rate of request (single client IP address)c
• limiting number of connections (opened by a single client IP address)
• Closing slow connection
• IP Allowlisting / Denylisting
• Caching : Maybe use CDN
• Limiting request to backend upstream ( Nginx can handle more request that backend)

Rate limiting Algorithm (Link)¶

• Token bucket (Stripe uses this)
• Leaky bucket (Closely related to token bucket)
• Fixed window counters
• Sliding window log
• Sliding window counters ( Figma Uses this)