- Introduction
- Features
- Requirements
- Installation
- Configuration
- Assumptions
- Caution
- Future Improvements
- Maintainer(s)
- Change Log
Rate Limiter module can be useful when to disallow concurrent web service access to the application.
This module exposes a "Rate Limiting" service for RestAPI web service calls. This service features:
- Define number of concurrent allowed hits in a given time window.
- Rate limiting on each request.
- Limit hits based on IP address.
- IP White listing option.
- Defines a separate cache bin to store the rate limiter hits and counts.
- Exportable configurations.
- Supports
Accept
HTTP headers and Drupal recommended_format
calls.
- RESTful Web Services
- Serialization
Follow installation guide to install the module into the site.
Navigate to Configuration >> Web services >> Rate Limiter Configuration (admin/config/services/rate-limiter). The configuration has two segments.
- General Configuration
- Access Rules
General Configuration has basic configurations to enable the module with allowed request limit in an allowed time frame. An optional message can be shown when the limit is reached.
Access Rules has two option to enable rate limiting service for all web-service request or based on IP. If IP based rate limiting is selected then there is an IP based white listing option available.
The following points were assumed while developing the module.
- Every Web-service call either have "Accept" header or "_format" query string.
- The Rate Limiting service will only work on requests with
"application/json", "application/xml" and "application/hal+json"
Accept
headers or_format
query string with "json", "hal_json" and "xml" values. - Command line requests and "text/html" requests are considered as normal drupal requests to the site not as Service calls.
This module stores all it's rate limiter hit counts in Drupal's cache. So clearing cache will remove all the items. Assumed that in a production environment caches are not cleared more often.
- Enable Bearer Token based Rate limiting service with OAuth2 Server module.
- Based on Feature Requests more improvements.
- Integration test suite for testing Rate Limiting service.
- Aneek Mukhopadhyay (aneek) - https://www.drupal.org/u/aneek
- 8.x-1.0 - Initial version created.
- 8.x-1.1 - Improvements over "Accept header based routing".
- Based on #2501221 now supports
_format
to determine a service request and Response.
- Based on #2501221 now supports