At my previous employer, we used Redis for publicly-documented rate limits, but we applied them after our rate limiting infrastructure already evaluated defensive infrastructure-oriented rate limits.
We generally found that this worked out fine. Customer-facing limits were numbers measured in hours or days; infra limits were measured in seconds or minutes.
Certainly you wouldn’t want to rely on a central db for infra-oriented rate limiting, in any case.
We generally found that this worked out fine. Customer-facing limits were numbers measured in hours or days; infra limits were measured in seconds or minutes.
Certainly you wouldn’t want to rely on a central db for infra-oriented rate limiting, in any case.