Rate Limit Filter
Some clients can monopolize too many RDAP server resources by making too many requests at once.
Normally, and assuming this is considered misbehavior, this problem would be handled by means of firewall rules, load balancing and/or rate-limits within reverse proxies (mod-qos and limitipconn2, for example). But if those solutions are out of scope or too fancy to apply, there’s another alternative: RedDog’s minimalist built-in rate limit filter.
RedDog’s rate limiter is simply a servlet filter that prevents to receive too many requests at once from the same IP address. If a client exceeds a predefined limit, the filter will return an HTTP 429 status code.
Notice that what this is doing is to reduce request floods from well-behaved clients. The client is still free to continue sending simultaneous requests, so this approach is by no means a DOS attack prevention system. It also prevents the server from wasting too many resources handling the whole request, but notice that servlet filters act fairly late during a packet processing pipeline.
If the filter fulfills the implementer needs, the web.xml
file must include at its <web-app>
tag something like this:
<filter>
<filter-name>RateLimitFilter</filter-name>
<filter-class>mx.nic.rdap.server.filter.RateLimitFilter</filter-class>
<init-param>
<param-name>limit</param-name>
<param-value>3</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RateLimitFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
The mx.nic.rdap.server.filter.RateLimitFilter
is already included within RedDog’s WAR. The limit
init-param is the number of simultaneous requests allowed per IP address. This is all standard filter and filter-mapping syntax.