Question
How to limit requests per hour from one IP like it is in Twitter? For example, I want to provide 100 requests per hour. Is there any solution? Apache modules? Thanks.
Solution
Start simple.
- Use the concept of API keys (let's say it's a GUID mapped to a domain or an account).
- Every time your API is hit, take that key and increment its corresponding counter.
- Write rules to limit based on your counter (in this case, hours).
- Reset.
Blocking by IP is not advisable, NAT being the problem.
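
The counter-per-key steps above, sketched as an added Python example (not part of the original answer). It assumes an in-memory table in a single process; the class name, the sample key and the choice of a fixed clock-hour window are assumptions made for this illustration.

```python
import math
import threading
import time

class HourlyLimiter:
    """Fixed-window limiter: at most `limit` requests per API key per window."""

    def __init__(self, limit=100, window=3600, clock=time.time):
        self.limit = limit
        self.window = window
        self.clock = clock              # injectable so tests can control time
        self._counters = {}             # api_key -> (window_start, count)
        self._lock = threading.Lock()   # counters are shared across threads

    def check(self, api_key):
        """Count one request; return (allowed, remaining, retry_after_seconds)."""
        now = self.clock()
        window_start = int(now // self.window) * self.window
        with self._lock:
            start, count = self._counters.get(api_key, (window_start, 0))
            if start != window_start:   # a new hour began: reset the counter
                start, count = window_start, 0
            if count >= self.limit:     # over quota: deny, do not count it
                return False, 0, math.ceil(start + self.window - now)
            count += 1
            self._counters[api_key] = (start, count)
            return True, self.limit - count, 0

    def purge(self):
        """Drop counters from finished windows so the table cannot grow forever."""
        current = int(self.clock() // self.window) * self.window
        with self._lock:
            stale = [k for k, (s, _) in self._counters.items() if s != current]
            for k in stale:
                del self._counters[k]
            return len(stale)


def demo():
    """Constructed scenario: one key sends 101 requests, then the hour rolls over."""
    t = [7200.0]                                # fake clock at the start of an hour
    limiter = HourlyLimiter(limit=100, clock=lambda: t[0])
    key = "3f2b6c1e-constructed-sample-key"     # hypothetical API key
    results = [limiter.check(key)[0] for _ in range(101)]
    denied = limiter.check(key)                 # still over quota in this window
    t[0] += 3600                                # move into the next window
    after_reset = limiter.check(key)
    return results.count(True), denied, after_reset
```

A denied request would normally be answered with HTTP 429 and a `Retry-After` header carrying the third value returned by `check`.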
OTHER TIPS
Don't do it by IP. People from a whole university, company or internet cafe may share the same IP. It's best if you inject a cookie with a random value into the first HTTP response for each client in order to identify uniqueness.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow