Skip to content

Rate limit

A distributed denial‑of‑service (DDoS) attack is an attempt to make a service, usually a website, unavailable by bombarding it with so much traffic from multiple machines that the server providing the service is no longer able to function correctly.

  • DDoS attacks are carried out by software programs (bots)
  • systems that don’t handle large numbers of concurrent connections well
  • opening a large number of connections and keeping them active
  • exhaust the system’s capacity for new connections
  • sending a large number of requests or very large requests

How to prevent DDOS:

  • limiting rate of request (single client IP address)c
  • limiting number of connections (opened by a single client IP address)
  • Closing slow connection
  • IP Allowlisting / Denylisting
  • Caching : Maybe use CDN
  • Limiting request to backend upstream ( Nginx can handle more request that backend)
  • Token bucket (Stripe uses this)
  • Leaky bucket (Closely related to token bucket)
  • Fixed window counters
  • Sliding window log
  • Sliding window counters ( Figma Uses this)