Rate Limiting on Standard Pages


(John) #1

Hi all,

We have a page (currently an asset listing) where I’d like to restrict the number of visits per user within a specific time frame. Has anyone implemented rate limiting or any similar mechanism on a standard Matrix page? I suspect it might be possible using triggers and session variables. If anyone has done this before or can suggest a method to try, I’d love to hear your thoughts!

Thanks!


(Aleks Bochniak) #2

Best place to do this is at a level above your application stack, within the infrastructure that deals with inbound traffic to your website or on the webserver itself.

There are loads of ways to do this, but it really depends on your setup


(Byrne) #3

Be interesting to know more about your use case and why you need to rate limit the requests. The obvious includes

Security
the need to block spurious requests from bots or nuisance requests.

Reduce load on CMS service
Large asset listings may cause ling running requests, when there are no updates to the page its an unnecessary performance hit.

Using sessions:
Yeah you could set a session var based on incrementing a hit count. using a condition to mange the visibility of the content or redirecting the user. This has the downside of having to run all requests on the server.

Using client side:
you could load the content using AJAX and simply use JS to check a cookie. This has the downside that it can be ignored easily by bots.

Realistically the better solutions will use either:
Network controls to prevent BOT or other tools to identify traffic you want to limit. Cloudflare for example.

Cache controls increasing your cache limit to hold the page longer will mean its causing no hassle on the server.