undefined | Better HN

0 pointskorzun11y ago0 comments

I assure you that if you had a proper system in place it would limit the exposure. We are talking about 600 r/s (QVC should be able to eat that anyways, but whatever).

At this level you should know this will happen and have placeholders in place.

If every single IP is unique, additional layer would be pattern matching traffic by different network classes and flagging it actively.

Another way to rate limit is by number of pages per session / time.

Then you can have another fail safe method where if X exceeds Y start throttling top X (dynamically scale up until X is returned to normal) while notifying DevOps of the issue.

Etc.

0 comments

2 comments · 1 top-level

chadgeidel11y ago· 1 in thread

Your initial comment said "but QVC (by this time) should have rate limiting / throttling per IP." If you have 1 or 2 requests from an IP then rate limiting those requests does nothing.

Your other suggestions are certainly interesting, and you may have implied those solutions - but that's not what you originally said. You said rate limiting by IP is enough. It is not.

korzunOP11y ago

Fair point.

j / k navigate · click thread line to collapse