Rate Limiting HTTP Requests and Incoming Connections

I would like to implement a new feature that would Rate limit the incoming HTTP requests and the connections, if possible for a specific user. Can you please provide me a pointer as where I can add this code.


Sure, and thanks for working on this. There is already some groundwork to base your code on.

We already have a rate limiting feature regarding failed login attempts. This is to prevent brute force attacks:

The code for this feature can be extended IMHO to generally limit the request a user can make in a specific timeframe.

A good starting point would be the com.floragunn.searchguard.auth package.

Have a look at this abstract base class for example:


At the moment limiting and blocking is only implemented when there is an authentication failure. However, the code can be extended by an onAuthSuccess method for example, which could then be used to implement a general rate limit by user.

Thank you @jkressin. Just started with it, will get back if there are any questions.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.