browscap / browscap-php

Officially supported Browscap for PHP
http://browscap.org/
MIT License

Use an API rate limiter at the application level to avoid user ban #634

Open Crovitche-1623 opened 1 year ago

Crovitche-1623 commented 1 year ago

I was unintentionally banned (on my development environment, fortunately) after making a mistake in my PHP script. Maybe it would be a good idea to include a built-in API rate limiter (for instance the new Symfony Rate Limiter Component IDK) at the application level?

asgrim commented 1 year ago

We have had rate limiting (temporary ban) on the website for a very long time. If you exceed the rate limit enough, it will permanently ban your IP. Details are on https://browscap.org :)

Crovitche-1623 commented 1 year ago

Yes, I've understood that.

My suggestion would be to include a call limiter at the library application level. Another option would be to modify the update() method so that it updates the local browscap file only if necessary (by first checking the /version-number endpoint), as this is probably not the case since I only used this method and was banned.

Crovitche-1623 commented 1 year ago

Just a little question @asgrim: Why does it say in the readme that the checkUpdate method is likely to reach the rate limit, whereas on the website it says that there is no limit for the /version and /version-number endpoints? I guess the checkUpdate method only uses these endpoints?

asgrim commented 1 year ago

Honestly, I can't remember off the top of my head what exactly the checkUpdate does; if it only uses the /version / /version-number endpoint then that's fine, shouldn't be limited. Cloudflare should cache that endpoint aggressively (and it's only tiny). The issue we had, and the reason we put the rate limiter in place, is that the INI files are getting huuuuge, and bandwidth costs ;) We have zero funding for this project, so everything is jerry-rigged... hopefully people won't need to do UA sniffing anyway in modern times! :)
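
The two ideas raised in the thread above (compare against /version-number before downloading, and limit calls in the application), as an added example that is not part of the issue or of browscap-php. `guardedUpdate`, the state file, the 24-hour default and both callables are assumptions; in real use the callables would wrap a request to the /version-number endpoint and the library's update() call.

```php
<?php
declare(strict_types=1);

// Added example, not browscap-php code. Runs the expensive download only when
// the remote version is newer AND the previous attempt is older than $minInterval.
// $minInterval defaults to an assumed 24 h, not the site's documented limit.
function guardedUpdate(string $stateFile, int $localVersion, callable $fetchRemoteVersion,
    callable $download, int $minInterval = 86400, ?int $now = null): string
{
    $now ??= time();
    $fh = fopen($stateFile, 'c+');          // state file holds the last attempt time
    if ($fh === false) {
        throw new RuntimeException("cannot open state file: $stateFile");
    }
    try {
        // Non-blocking lock: overlapping cron jobs or workers must not both download.
        if (!flock($fh, LOCK_EX | LOCK_NB)) {
            return 'skipped: another update is running';
        }
        $lastAttempt = (int) stream_get_contents($fh);   // empty file reads as 0
        if ($now - $lastAttempt < $minInterval) {
            return 'skipped: last attempt too recent';
        }
        $remoteVersion = (int) $fetchRemoteVersion();    // small request, no INI transfer
        if ($remoteVersion <= $localVersion) {
            return 'skipped: already up to date';
        }
        // Record the attempt BEFORE downloading, so a script that crashes or
        // loops after this point cannot immediately request the file again.
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, (string) $now);
        fflush($fh);
        $download();
        return 'updated';
    } finally {
        fclose($fh);                         // closing the handle releases the lock
    }
}

// Constructed demo: stubs replace the network calls, version numbers are made up.
$state = tempnam(sys_get_temp_dir(), 'bc');
$remote = fn (): int => 6001002;
$download = function (): void { /* the real download would go here */ };
echo guardedUpdate($state, 6001000, $remote, $download, 3600, 1000000), PHP_EOL;
echo guardedUpdate($state, 6001000, $remote, $download, 3600, 1000060), PHP_EOL; // retry 60 s later
echo guardedUpdate($state, 6001002, $remote, $download, 3600, 1010000), PHP_EOL; // local now current
unlink($state);
```

Because the attempt time is written before the download starts, a failed download also waits out the interval; that favours staying under the server's limit over fast recovery.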