Thank you for your work on this amazing project. It has protected my application from attackers many times!
Currently, the code sets the request counters in cache keys without explicitly specifying a cache expiry timeout for these keys. And the timeout needs to be at least as large as the duration of the rate limit window. Adding a timeout setting would enable this package to handle long-term rate limits, while being backed by general-purpose caches, shared with other apps and having small default timeouts, leading to simpler deployments.
Hi @jsocol ,
Thank you for your work on this amazing project. It has protected my application from attackers many times!
Currently, the code sets the request counters in cache keys without explicitly specifying a cache expiry timeout for these keys. And the timeout needs to be at least as large as the duration of the rate limit window. Adding a timeout setting would enable this package to handle long-term rate limits, while being backed by general-purpose caches, shared with other apps and having small default timeouts, leading to simpler deployments.