Is sliding time window rate limiting supported? #317
Comments
|
Can you explain what you mean by "sliding time window"? The rate limiting does "slide", as in if you say "10 requests per minute", then it's the previous 10 minutes. You can then apply several rate limiting rules:
If that doesn't work, check the callable rates: https://django-ratelimit.readthedocs.io/en/stable/rates.html#callables |
|
The sliding window rate limiting algorithm is based on a dynamic time window that moves with time, allowing for more flexibility in managing bursts of traffic which is in contrast to fixed window rate limiting algorithm. This will only partially mitigate the burst of requests. cause during the last 2 seconds of a time window and the first 2 seconds of the subsequent time window a bad actor can send send 20 request under 4 seconds. this may not be that much in terms of CPU cycles but for some services where each request cost money, this becomes an issue. |
|
Did you read about callable rates? Can you imagine how you would like your decorators too look? (pretend django-ratelimit had the feature that you are looking for) |
it seems like rate limiting is only base on fixed time window algorithm. this approach can allow Burt request which in my case such burst is costly. I have some services where each request cost me money. Is there a way using djano-ratelimit to enforce a sliding time window rate limiting? or is there a way to implement custom sliding rate limiting?
The text was updated successfully, but these errors were encountered: