feat(sec): Rate Limiting for API (!26) · Merge requests · prozorro-sale / Simple UI Auction Creator

Pavel Kuzmenko requested to merge kpn/28/api_rate_limit into master Dec 06, 2021

The current setting allows 3 POST requests per second. 1,2 requests occur without delay, 3 requests with 1 second delay, all exceeding ones return with http error 429

🕙[ 12:51:13 ] ➜ siege -c 3 -r 1 -b http://localhost/api/ping
** SIEGE 4.0.4
** Preparing 3 concurrent users for battle.
The server is now under siege...
HTTP/1.1 200     0.09 secs:      16 bytes ==> GET  /api/ping
HTTP/1.1 200     0.10 secs:      16 bytes ==> GET  /api/ping
HTTP/1.1 200     1.08 secs:      16 bytes ==> GET  /api/ping

Transactions:		           3 hits
Availability:		      100.00 %
Elapsed time:		        1.08 secs
Data transferred:	        0.00 MB
Response time:		        0.42 secs
Transaction rate:	        2.78 trans/sec
Throughput:		        0.00 MB/sec
Concurrency:		        1.18
Successful transactions:           3
Failed transactions:	           0
Longest transaction:	        1.08
Shortest transaction:	        0.09

kuzmenko-pavel ~ 
🕙[ 12:51:18 ] ➜ siege -c 4 -r 1 -b http://localhost/api/ping
** SIEGE 4.0.4
** Preparing 4 concurrent users for battle.
The server is now under siege...
HTTP/1.1 429     0.00 secs:     162 bytes ==> GET  /api/ping
HTTP/1.1 200     0.07 secs:      16 bytes ==> GET  /api/ping
HTTP/1.1 200     0.08 secs:      16 bytes ==> GET  /api/ping
HTTP/1.1 200     1.08 secs:      16 bytes ==> GET  /api/ping

Transactions:		           4 hits
Availability:		      100.00 %
Elapsed time:		        1.09 secs
Data transferred:	        0.00 MB
Response time:		        0.31 secs
Transaction rate:	        3.67 trans/sec
Throughput:		        0.00 MB/sec
Concurrency:		        1.13
Successful transactions:           3
Failed transactions:	           0
Longest transaction:	        1.08
Shortest transaction:	        0.00

Edited Dec 06, 2021 by Pavel Kuzmenko

feat(sec): Rate Limiting for API

Merge request reports