PSDI Army / yii2
Commit e5224f2b, authored Aug 13, 2014 by Vadim Belorussov
Add rest-rate-limiting.md to translate into Russian
parent 7cf358af
Showing 1 changed file with 44 additions and 0 deletions
docs/guide-ru/rest-rate-limiting.md
0 → 100644
Rate Limiting
=============
To prevent abuse, you should consider adding rate limiting to your APIs. For example, you may limit the API usage
of each user to be at most 100 API calls within a period of 10 minutes. If too many requests are received from a user
within the period of the time, a response with status code 429 (meaning Too Many Requests) should be returned.
To enable rate limiting, the
[
[yii\web\User::identityClass|user identity class
]
] should implement
[
[yii\filters\RateLimitInterface
]
].
This interface requires implementation of the following three methods:
*
`getRateLimit()`
: returns the maximum number of allowed requests and the time period, e.g.,
`[100, 600]`
means
at most 100 API calls within 600 seconds.
*
`loadAllowance()`
: returns the number of remaining requests allowed and the corresponding UNIX timestamp
when the rate limit is checked last time.
*
`saveAllowance()`
: saves the number of remaining requests allowed and the current UNIX timestamp.
You may use two columns in the user table to record the allowance and timestamp information.
And
`loadAllowance()`
and
`saveAllowance()`
can then be implementation by reading and saving the values
of the two columns corresponding to the current authenticated user. To improve performance, you may also
consider storing these information in cache or some NoSQL storage.
Once the identity class implements the required interface, Yii will automatically use
[
[yii\filters\RateLimiter
]
]
configured as an action filter for
[
[yii\rest\Controller
]
] to perform rate limiting check. The rate limiter
will thrown a
[
[yii\web\TooManyRequestsHttpException
]
] if rate limit is exceeded. You may configure the rate limiter
as follows in your REST controller classes,
```
php
public
function
behaviors
()
{
$behaviors
=
parent
::
behaviors
();
$behaviors
[
'rateLimiter'
][
'enableRateLimitHeaders'
]
=
false
;
return
$behaviors
;
}
```
When rate limiting is enabled, by default every response will be sent with the following HTTP headers containing
the current rate limiting information:
*
`X-Rate-Limit-Limit`
: The maximum number of requests allowed with a time period;
*
`X-Rate-Limit-Remaining`
: The number of remaining requests in the current time period;
*
`X-Rate-Limit-Reset`
: The number of seconds to wait in order to get the maximum number of allowed requests.
You may disable these headers by configuring
[
[yii\filters\RateLimiter::enableRateLimitHeaders
]
] to be false,
like shown in the above code example.
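Review bot: Two wording errors in the added text should be fixed before this file is used as the base for translation: in the paragraph after the method list, "can then be implementation by reading and saving the values" should read "can then be implemented by", and in the RateLimiter paragraph "will thrown a" should read "will throw a" ("these information" in the paragraph after the method list should be "this information"). Separately, the sentence "You may configure the rate limiter as follows" leads into a sample whose only effect is setting 'enableRateLimitHeaders' to false; a reader skimming the page may take that as the recommended setup, so introduce the sample as the way to turn the headers off. The text also ties loadAllowance() and saveAllowance() to "the current authenticated user" without saying how requests that carry no authenticated identity are treated, which deserves one sentence in a guide whose stated purpose is preventing abuse.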