Comments (6)
Hi @twolfson https://github.com/alisaifee/limits/blob/1.0.6/limits/storage.py#L249 refers to https://github.com/andymccurdy/redis-py/blob/master/redis/lock.py#L9 which uses redis for its locking.
from limits.
Ah, sorry. I must have gotten my thoughts confused. Thanks for clarifying.
from limits.
On a tangent from this, is the locking mechanism required? In case of a denial of service attack, then that would require requests to be held open longer which is more likely to take the service down due to running out of connections.
from limits.
The lock is only used in the moving window implementation and isn't strictly required as in the worst case only one extra request would get through. At the very least I think a reasonably small timeout when trying to acquire the lock could help. Failure to acquire the lock within the timeout could result in the rate limit being marked as 'hit' as a client is bursting at a rate high enough to hit a lock is probably not up to any good. What do you think?
from limits.
I think both options have their benefits. It most likely boils down to whether the developer wants to be as performant as possible or as accurate as possible.
Marking the lock acquisition as a failure might be interesting. How would it work with a non-responsive Redis instance? In those cases, it might be better to 500 rather than 429.
from limits.
@twolfson: I've added a lock timeout in b6b755d
If the lock can't be acquired it will raise a LockError
which when used with Flask-Limiter
will currently result in a 500
error. I'll further add new options in Flask-Limiter
to configure what to do when an error is encountered when attempting to rate limit a route.
from limits.
Related Issues (20)
- How to limit based on token? HOT 3
- Redis URL format compatible with python-redis HOT 3
- Use redis-py async support instead of coredis HOT 3
- ssl_cert_reqs="required" is not allowing me to connect to Redis HOT 2
- Question: Does In-Memory Storage clear itself when limit expires or it will keep getting bloated? HOT 1
- Add support for etcd HOT 5
- Flaky unit test(s): time window HOT 20
- Relax of packaging dependency did not take effect? HOT 3
- Hit incorrectly returns True when cost higher than limit HOT 4
- RedisCluster does not work with password in uri HOT 3
- Plans to add support for DynamoDB HOT 3
- `pkg_resources` is deprecated HOT 11
- Shared ratelimit across multiple instances HOT 2
- Exponential / growing limits HOT 2
- change coredis to redis-py HOT 1
- Issue with implementing limits in fastapi HOT 5
- Unable to create `MovingWindowRateLimiter` for Asynchronous Redis Sentinel storage HOT 2
- Support redis cluster like aws Elasti Cache HOT 2
- Unnecessary dependency on setuptools HOT 1
- Fixed window strategy using mongodb storage not working HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from limits.