How to build a Rate Limiter using Redis
Rate limiting is a mechanism that many developers may have to deal with at some point in their life. It’s useful for a variety of purposes like sharing access to limited resources or limiting the number of requests made to an API endpoint and responding with a 429 status code.
In this tutorial, we will see how to implement Rate Limiting using various programming languages:
- Python
- NodeJS
- Java
- Ruby
#
Using Python#
Step 1. Pre-requisite- Python
- Docker
- Docker Compose
#
Step 2. Clone the repository#
Step 3. Run docker compose or install redis manually If you install redis manually open django-backend/configuration folder and copy .env.example
to create .env
. And provide the values for environment variables
#
Step 4. Setup and runInstall python, pip and venv (on mac: https://installpython3.com/mac/)
Use python version: 3.8
Step 5. Accessing the rate limiting app
#
How it works?#
How the data is stored:This app will block connections from a client after surpassing certain amount of requests (default: 10) per time (default: 10 sec) The application will return after each request the following headers. That will let the user know how many requests they have remaining before the run over the limit. On the 10th run server should return an HTTP status code of 429 Too Many Requests
SETNX is short for "SET if Not eXists". It basically sets key to hold string value if key does not exist. In that case, it is equal to SET. When key already holds a value, no operation is performed. New responses are added key-ip as shown below:
Set a timeout on key:
#
How the data is accessed:Next responses are get bucket:
Next responses are changed bucket:
#
Using NodeJS#
Step 1. Pre-requisite- Node - v12.19.0
- NPM - v6.14.8
- Docker - v19.03.13 (optional)
#
Step 2. Clone the repository#
Step 3. Copy file and set proper data insideCopy .env.example to .env and make the changes as per your environment
- REDIS_ENDPOINT_URI: Redis server URI
- REDIS_PASSWORD: Password to the server
#
Step 4. Install dependencies#
Step 5. Run docker compose or install redis manually#
Step 6. Running the frontend#
Step 7. Running the backend#
Step 8. Accessing the rate limiting app#
Using Java#
Step 1. Pre-requisite- Java
- Docker
- Docker Compose
#
Step 2. Clone the repository#
Step 3. Run docker compose or install redis manually#
Step 4. Setting up environment variablesOpen directory server (cd server``): copy
.env.exampleto create
.env` and provide the values for environment variables (if needed).
#
Step 5. Setup and runInstall gradle (on mac: https://gradle.org/install/)
Install JDK (on mac: https://docs.oracle.com/javase/10/install/installation-jdk-and-jre-macos.htm)
#
Step 6. Accessing the rate limiting appPoint your browser to http://IP:5000 and you will be able to select various requests per second option on the screen. As shown in the above example, the server will allow sending max 10 API requests within a 10 second window.If you send more than that, all additional requests will be blocked
#
Using RubyThe server will allow sending particular number of requests (permitted_requests_count stored in Redis) within a 10 second window. If you send more than that, all additional requests will be blocked.
#
Step 1. Pre-requisite- Ruby - v2.7.0
- Rails - v5.2.4.5
- NPM - v7.6.0
#
Step 2. Clone the repository#
Step 3. Copy files and set proper data insideCopy config/application.yml.example to config/application.yml
#
Step 4. Install dependencies#
Step 5. Run Redis Docker container#
Step 6. Running the app#
Step 7. Accessing the appGo to the browser and type https://localhost:3000 to access the app
#
How it works?This app was built using rack-defense gem which will block connections from a client after surpassing certain amount of requests (permitted_requests_count, default: 10) per time (10 seconds).
#
Code to configure rack-defenceThe application will return response headers after each successful request:
The application will also return request header after each request (including blocking requests) with count of remaining requests:
#
How the data is stored:The permitted_requests_count is stored in Redis store in string format. By default, it's 10. You can set new VALUE with these commands:
IMPORTANT! For the new permitted_requests_count value to take effect you need to restart an app (rails) server after these commands.
#
How the data is accessed:You can get permitted_requests_count with this command: