
rate_limiter

public
4 stars
2 forks
3 issues

Commits

List of commits on branch 8.x-1.x.
Unverified
416cdc127460121bed40acce8425a0de1179619f

Readme updated

aaneek committed 9 years ago
Unverified
d02d51cf70b3ca56193127fa225aeeab3c27ddf0

added improvements over Accept header based routing

aaneek committed 9 years ago
Unverified
f10c364a58a583c54507b8f35ffcd7aed36d5812

added _format query string to determine a service request.

aaneek committed 9 years ago
Unverified
80438bce0218ee25aef1e9a7dd4210e0559fc1b2

Readme updated

aaneek committed 9 years ago
Unverified
7c2a15ba5ed145b3afcebe330516bffe951d4eb3

Basic Test added.

aaneek committed 9 years ago
Unverified
4ac0283531008717879dd3b269893a9ca1af4fb3

pareview comment addressed

aaneek committed 9 years ago

README


Rate Limiter

CONTENTS OF THIS FILE


  • Introduction
  • Features
  • Requirements
  • Installation
  • Configuration
  • Assumptions
  • Caution
  • Future Improvements
  • Maintainer(s)
  • Change Log

Introduction

The Rate Limiter module can be useful when you want to disallow concurrent web service access to the application.

Features

This module exposes a "Rate Limiting" service for REST API web service calls. This service features:

  • Define the number of concurrent allowed hits in a given time window.
  • Rate limiting on each request.
  • Limit hits based on IP address.
  • IP whitelisting option.
  • Defines a separate cache bin to store the rate limiter hits and counts.
  • Exportable configurations.
  • Supports Accept HTTP headers and Drupal recommended _format calls.

Requirements

  • RESTful Web Services
  • Serialization

Installation

Follow the installation guide to install the module into the site.

Configuration

Navigate to Configuration >> Web services >> Rate Limiter Configuration (admin/config/services/rate-limiter). The configuration has two segments.

  • General Configuration
  • Access Rules

General Configuration has the basic settings to enable the module, with the allowed request limit in an allowed time frame. An optional message can be shown when the limit is reached.

Access Rules has two options: enable the rate limiting service for all web service requests, or enable it based on IP. If IP-based rate limiting is selected, an IP-based whitelisting option is available.

Assumptions

The following points were assumed while developing the module.

  1. Every web service call has either an "Accept" header or a "_format" query string.
  2. The Rate Limiting service will only work on requests with "application/json", "application/xml" and "application/hal+json" Accept headers or a _format query string with "json", "hal_json" and "xml" values.
  3. Command line requests and "text/html" requests are considered normal Drupal requests to the site, not service calls.

Caution

This module stores all its rate limiter hit counts in Drupal's cache, so clearing the cache will remove all the items. It is assumed that in a production environment caches are not cleared often.
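
The request classification from Assumptions, the per-IP limit and whitelist from Features, and the cache behaviour from Caution, put together as an added example in plain PHP. It is not the module's code: the function names, the fixed-window counting, the Accept parsing and the sample traffic are assumptions made for illustration.

```php
<?php
// Added example in plain PHP; every name here is hypothetical, not the module's API.
const SERVICE_ACCEPT = ['application/json', 'application/xml', 'application/hal+json'];
const SERVICE_FORMAT = ['json', 'hal_json', 'xml'];

// Assumptions 1-3: only a listed Accept type or _format value marks a service call.
function is_service_request(?string $accept, ?string $format): bool {
  if ($format !== null && in_array(strtolower($format), SERVICE_FORMAT, true)) {
    return true;
  }
  // Assumed handling: Accept may carry several types and parameters ("a/b;q=0.9, */*").
  foreach (explode(',', (string) $accept) as $part) {
    $type = strtolower(trim(explode(';', $part)[0]));
    if (in_array($type, SERVICE_ACCEPT, true)) {
      return true;
    }
  }
  return false;
}

// Fixed-window hit counter per IP; $bin stands in for the module's cache bin.
function allow_hit(array &$bin, string $ip, int $now, int $limit, int $window, array $whitelist): bool {
  if (in_array($ip, $whitelist, true)) {
    return true; // assumed: whitelisted IPs are not counted
  }
  $entry = $bin[$ip] ?? ['count' => 0, 'expires' => $now + $window];
  if ($now >= $entry['expires']) {
    $entry = ['count' => 0, 'expires' => $now + $window]; // window elapsed, start over
  }
  $entry['count']++;
  $bin[$ip] = $entry;
  return $entry['count'] <= $limit;
}

// Constructed sample traffic: [ip, Accept header, _format value, unix time].
$requests = [
  ['203.0.113.7', 'application/json', null, 100],
  ['203.0.113.7', 'text/html', 'json', 101],
  ['203.0.113.7', 'text/html', null, 102], // plain page view, bypasses the limiter
  ['203.0.113.7', 'application/hal+json;q=0.9, */*', null, 103],
  ['198.51.100.2', 'application/xml', null, 103], // whitelisted below
];
$bin = [];
foreach ($requests as [$ip, $accept, $format, $ts]) {
  $ok = !is_service_request($accept, $format) || allow_hit($bin, $ip, $ts, 2, 60, ['198.51.100.2']);
  echo "$ip t=$ts " . ($ok ? 'allowed' : 'limited') . "\n";
}
$bin = []; // a cache clear drops every counter, so the limited client starts fresh
echo '203.0.113.7 t=104 ' . (allow_hit($bin, '203.0.113.7', 104, 2, 60, []) ? 'allowed' : 'limited') . "\n";
```

The sample uses a limit of 2 hits per 60 seconds. Requests that match neither list are never counted, so the limit covers only traffic that identifies itself as a service call.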

Future Improvements

  • Enable Bearer Token based Rate limiting service with OAuth2 Server module.
  • Based on Feature Requests more improvements.
  • Integration test suite for testing Rate Limiting service.

Maintainer(s)

Current maintainer

Change Log

  • 8.x-1.0 - Initial version created.
  • 8.x-1.1 - Improvements over "Accept header based routing".
    • Based on #2501221, now supports _format to determine a service request and response.