-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configurable rate limiting by IP address #42
Comments
One fear was that individuals at hackathons are adversely affected by this. I'd say we can just add a support email beneath + a twitter handle - the hackathon co-ordinators can always reach us and we can send them a significant amount of test ETH for the event. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be nice to have a configurable rate limiting by IP address.
Something like:
e.g. Only allow an IP address to perform 2 requests per 1 hour
Note that the source IP address doesn't need to necessarily be the one that is doing the request to the faucet. Sometimes there are proxies or load balancers in between. In those cases, the
X-Forwarded-For
header could be used. So this should also be configurable, either the src IP of the request, or given a HTTP header.As an initial version I think it's fine if the "IP database" keeps in memory and is dropped when the faucet is restarted.
Example of a config in YAML. (Could ofc be in a different format):
Requests that are rate limited should get a HTTP/1.1 429 Too Many Requests as a response. The "Retry-After" response header could also be added, but it's just a nice to have.
The text was updated successfully, but these errors were encountered: