This repository has been archived by the owner on Apr 16, 2023. It is now read-only.

[🚀] REST service: Enable request throttling by remote IP. #191

Open
MarkL4YG opened this issue Apr 8, 2020 · 2 comments
Labels
enhancement New feature or request feedback wanted Extra discussion is needed performance Performance impacting stuff service Issues & PRs related to a specific service.

Comments

Member

MarkL4YG commented Apr 8, 2020

Describe the solution you'd like
Plugin controllers, endpoints and system administrators should be allowed to request limits for throttling purposes. This should be understood as a basic way of DoS prevention since frequent repeated requests may be able to at least flood the underlying thread pool of Spark - especially when the response is always calculated.

Describe why you would like to see this implemented
Note: Check whether or not Spark already features such a thing!

An implementation could use simple thresholds per IP and endpoint to determine whether or not requests should be throttled (rejected with HTTP/X.X 429 TOO_MANY_REQUESTS).
A first draft implementation could utilize a simple global threshold to enforce over all requests so basic protection is available. We could use a ticking thread to reduce points for all remote addresses each tick while new requests would increase the number of points. The reduction of points per tick should be configurable while the tick rate could be made a system property.
Since this is about performance under load, we should start with the simple global threshold and implement it as simply and up-front as possible.

@MarkL4YG MarkL4YG added enhancement New feature or request service Issues & PRs related to a specific service. feedback wanted Extra discussion is needed performance Performance impacting stuff labels Apr 8, 2020
Member Author

MarkL4YG commented Apr 8, 2020

@finnWellers what do you think about this?

Member Author

MarkL4YG commented Apr 8, 2020

Also: Of course, we should respect reverse-proxy scenarios and their respective forwarding headers.
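
A sketch of the draft described in this thread (points per remote address, decay on each tick, one global threshold) together with the forwarding-header caveat, added here as an illustration and not taken from the project's code. The class name `IpThrottle`, its method names, the trusted-proxy set and the sample addresses are all assumptions made for the example.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class IpThrottle {
    private final ConcurrentHashMap<String, Integer> points = new ConcurrentHashMap<>();
    private final int threshold;              // points at which requests start being rejected
    private final int decayPerTick;           // points removed from every address per tick
    private final Set<String> trustedProxies; // assumption: reverse proxies listed by the admin

    public IpThrottle(int threshold, int decayPerTick, Set<String> trustedProxies) {
        this.threshold = threshold; this.decayPerTick = decayPerTick; this.trustedProxies = trustedProxies;
    }

    // Use X-Forwarded-For only when the socket peer is a trusted proxy, and read it
    // right to left: entries further left are supplied by the client and can be forged.
    public String clientIp(String remoteAddr, String xForwardedFor) {
        if (xForwardedFor == null || !trustedProxies.contains(remoteAddr)) return remoteAddr;
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) return hop;
        }
        return remoteAddr;
    }

    // True if the request may proceed, false if it should be answered with 429.
    // Stored points are capped at threshold + 1 (a choice made for this example) so
    // the counter cannot grow without bound and recovery time stays predictable.
    public boolean allow(String ip) {
        return points.merge(ip, 1, (old, one) -> Math.min(old + 1, threshold + 1)) <= threshold;
    }

    // Body of the ticking thread; entries that decay to zero are removed to bound memory.
    public void tick() {
        for (String ip : points.keySet())
            points.computeIfPresent(ip, (k, v) -> v > decayPerTick ? v - decayPerTick : null);
    }
    public static void main(String[] args) {
        IpThrottle t = new IpThrottle(3, 2, Set.of("10.0.0.1")); // constructed values
        // Direct client with a forged header: the header is ignored.
        System.out.println(t.clientIp("203.0.113.9", "198.51.100.7"));
        // Via the trusted proxy: the hop the proxy appended is used, not the forged first entry.
        String ip = t.clientIp("10.0.0.1", "192.0.2.66, 198.51.100.7");
        for (int i = 1; i <= 5; i++) System.out.println(i + " -> " + (t.allow(ip) ? 200 : 429));
        t.tick();
        System.out.println("after tick -> " + (t.allow(ip) ? 200 : 429));
    }
}
```

In Spark this could be wired into a `before` filter that passes `request.ip()` and `request.headers("X-Forwarded-For")` to `clientIp` and calls `halt(429)` when `allow` returns false, with `tick()` driven by a scheduled executor.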
