Is throttler limits number of request per user or on total count
nitinmagdumvista opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Current behavior
Is throttler limits number of request per user or on total count
example - if i configure throttler for 60 sec to allow only 10 request so it will be 10 request per user or total 10 request combining multiple users
because to avoid DDOS attack i want to set limit per user not on total request by multiple users
Minimum reproduction code
Steps to reproduce
No response
Expected behavior
Is throttler limits number of request per user or on total count
Package version
8.0.0
NestJS version
8.0.0
Node.js version
14.0.0
In which operating systems have you tested?
- macOS
- Windows
- Linux
Other
Is throttler limits number of request per user or on total count
by default, it is per IP:
throttler/src/throttler.guard.ts
Lines 99 to 101 in 519199c
This module works by tracking a combination of IP and URL for its key tracking. That means if you set a TTL of 60 and a limit of 10, each user can hit an endpoint up to 10 times in a 60 second time frame. If they exceed that, they can still hit other endpoints.
@jmcdo29 @micalevisk Thanks a lot
what is the standard configuration for an public facing application 60 and 10?
or it varies as per type of application and load
It varies.
Please use our Discord channel (Support). We are using GitHub to track Bug Reports, Feature Requests, and Regressions.