How do you guys handle request spam?

[Ω Alisson]

So that a malicious user gets blocked for some time(maybe with HTTP 429) when it hits a request limit in a predefined duration

[mscdex]

On Thursday, July 3, 2014 10:54:37 AM UTC-4, Alisson Cavalcante Agiani wrote:

So that a malicious user gets blocked for some time(maybe with HTTP 429) when it hits a request limit in a predefined duration

If you're using Express, there are rate limiting middleware[1][2] and modules[3][4] for non-Express users as well.

Or you could block them at the firewall level with iptables[5][6].

[1] https://github.com/AdamPflug/express-brute
[2] https://github.com/dharmafly/connect-ratelimit
[3] https://github.com/xat/limits.js
[4] https://github.com/brycebaril/node-tokenthrottle
[5] https://github.com/pkrumins/node-iptables
[6] https://github.com/securitykiss-com/rfw

[mscdex]

There's also: https://github.com/diosney/node-netfilter

[Ω Alisson]

Found this: http://nginx.org/en/docs/http/ngx_http_limit_req_module.html

Thanks!

On Thu, Jul 3, 2014 at 6:48 PM, mscdex <msc...@gmail.com> wrote:

There's also: https://github.com/diosney/node-netfilter

--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.
To post to this group, send email to nod...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/c1fd8c45-8e3a-42a3-b269-3501d8eeb1ec%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.