Rate Limiter
To access this setting, go to Administration > Settings > Rate Limiter.

API Rate Limiter

  • Enable Rate Limiter: Lets you enable API rate limiter.
  • Enable Rate Limiter in development: When enabled, rate limiter will be enabled for development. Llimit the number of calls to the endpoints in the development environment?
  • Default number calls to the rate limiter: Number of default calls for each endpoint of the REST API, allowed within the time range defined below
  • Default time limit for the rate limiter (in ms): Takes in time in seconds to limit the number of calls at each endpoint of the REST API (in ms).

DDP Rate Limiter

Customize rate-limiting for methods and subscriptions to avoid a high load of WebSocket(A communication protocol that allows for simultaneous data transmission in one channel) messages on your server.
  • Limit by IP: enabled: Enables limit by IP.
    • Limit by IP: requests allowed: Lets you set the number of requests allowed.
    • Limit by IP: interval time: Takes in the interval for limiting IP.
  • Limit by User: Lets you enable DDP rate limiting by user
    • Limit by User: requests allowed: The number of requests allowed
    • Limit by User: interval time: The time interval in seconds for limiting the user
  • Limit by User per Method: When set to true, it enables limiting user's rate per method
    • Limit by User per Method: requests allowed: The number of request allowed
    • Limit by User per Method: interval time: The interval for limiting user per method
  • Limit by Connection per Method: Lets you set connection limit by method
    • Limit by Connection per Method: requests allowed: The number of request requests allowed
    • Limit by Connection per Method: interval time: Interval for limiting connection per method

Feature Limiting

Setting this up gets your sever full protection from email and username enumeration by brute force attack.
  • Default number calls to the rate limiter for registering a user: Number of default calls for user registering endpoints (REST and real-time API's), allowed within the time range defined in the API Rate Limiter section.
Last modified 1mo ago