
Distributed Websocket Rate Limiting

Blog post from Replit

Post Details

Company: Replit
Author: Amjad Masad
Word Count: 815
Company Posts That Month: 6
Language: English
Summary

A common practice for protecting services that offer APIs is rate limiting, which helps prevent bad actors from launching DoS attacks and enforces limits on the service. An HTTP API rate limiter that runs across multiple servers needs a central shared "state", which is typically kept in Redis because Redis is so prevalent for this use case. In our specific scenario, we need to limit concurrent open connections to a stateful interpreter/REPL. Unlike traditional time-based limits, our limit is based on the total number of open connections at any given time. To achieve this, each server stores and updates its connection counts in Redis under its own unique ID, and a user's counts are aggregated across servers. Keys carry expiration times to handle failures, and each server refreshes its keys every 3 minutes; a server that fails stops refreshing, so its keys expire instead of leaving zombie "concurrent users".
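The scheme summarized above, as an added sketch that is not Replit's code: an in-memory stand-in replaces Redis so the example runs offline, and the key layout, the 5-minute TTL and the per-user limit are assumptions; only the 3-minute refresh comes from the post.

```python
import uuid

REFRESH_SECONDS = 180   # from the post: keys are refreshed every 3 minutes
TTL_SECONDS = 300       # assumption: expiry must outlive one refresh interval
MAX_CONNECTIONS = 3     # assumption: per-user concurrent connection limit

class FakeRedis:
    """In-memory stand-in for Redis: SET with an expiry, plus a prefix read."""
    def __init__(self):
        self.now = 0.0   # simulated clock, advanced by the caller
        self.data = {}   # key -> (value, expires_at)

    def set(self, key, value, ex):
        self.data[key] = (value, self.now + ex)

    def live_values(self, prefix):
        # Expired keys are ignored, as if Redis had already evicted them.
        return [v for k, (v, exp) in self.data.items()
                if k.startswith(prefix) and exp > self.now]

class Server:
    def __init__(self, store):
        self.store = store
        self.server_id = uuid.uuid4().hex  # unique ID per server process
        self.local = {}                    # user -> connections open on this server

    def _publish(self, user):
        key = f"conns:{user}:{self.server_id}"  # hypothetical key layout
        self.store.set(key, self.local.get(user, 0), ex=TTL_SECONDS)

    def total(self, user):
        # Aggregate the user's counts across every server's live key.
        return sum(self.store.live_values(f"conns:{user}:"))

    def open(self, user):
        if self.total(user) >= MAX_CONNECTIONS:
            return False  # reject the websocket upgrade
        self.local[user] = self.local.get(user, 0) + 1
        self._publish(user)
        return True

    def close(self, user):
        self.local[user] = max(0, self.local.get(user, 0) - 1)
        self._publish(user)

    def refresh(self):
        # Called every REFRESH_SECONDS; a crashed server never calls it,
        # so its keys expire and its connections stop being counted.
        for user in self.local:
            self._publish(user)
```

The check in `open` followed by the write in `_publish` is not atomic across servers, so two servers can both admit a connection at the limit; against a real Redis the check and update would need to run as one atomic operation.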
