restarone / violet_rails

an app engine for your business. Seamlessly implement business logic with a powerful API. Out of the box CMS, blog, forum and email functionality. Developer friendly & easily extendable for your next SaaS/XaaS project. Built with Rails 6, Devise, Sidekiq & PostgreSQL
https://violet.restarone.solutions
MIT License

implement rack attack to throttle / ban IP addresses #538

Open donrestarone opened 2 years ago

donrestarone commented 2 years ago

Rack attack: https://github.com/rack/rack-attack

rule set:

  1. when an IP address causes X amount of errors over Y period, ban them (fight against bad actors causing errors)
  2. when an IP address makes X amount of requests over Y period, ban them (fight against actors causing high traffic)

In both of the above cases, don't enforce the rule if the user is an admin or global admin. If griefing behaviour is detected in a user, notify users signed up to receive error notifications with an error message indicating the user and infraction type (causing errors, causing traffic).

Note on banning: banning should not be permanent; ban time should happen with exponential backoff (e.g. first ban 1 minute, second ban 2 minutes, 3rd ban 4 minutes and so on).
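The rule set above, modelled as a small policy class. This is an added example, not Violet Rails code and not the rack-attack gem itself; it shows the decision logic (error window, traffic window, admin exemption, exponentially growing bans, notification messages) that a `Rack::Attack` blocklist block would call into. The thresholds (10 errors or 300 requests per 60 s) are placeholders since the issue leaves X and Y open, the IP addresses in the demo are constructed, and the in-process hashes stand in for the shared cache store a real deployment would use.

```ruby
# Added example (not Violet Rails code, no rack-attack dependency): a
# self-contained model of the ban policy from the issue, with an injectable
# clock so the exponential backoff can be exercised deterministically.

class GriefingPolicy
  Rule = Struct.new(:name, :limit, :period)

  # The issue leaves X and Y open; these thresholds are placeholders.
  ERROR_RULE       = Rule.new(:errors,   10, 60)   # more than 10 error responses in 60 s
  TRAFFIC_RULE     = Rule.new(:traffic, 300, 60)   # more than 300 requests in 60 s
  BASE_BAN_SECONDS = 60                            # first ban 1 minute, then 2, 4, ...

  attr_reader :notices

  def initialize(clock: -> { Time.now.to_f })
    @clock   = clock
    @events  = Hash.new { |h, k| h[k] = [] }  # [rule name, ip] => request timestamps
    @bans    = {}                             # ip => { until: epoch seconds, count: bans so far }
    @notices = []                             # messages for error-notification subscribers
  end

  # Gate for an incoming request: admins and global admins are never blocked.
  def allow?(ip, admin: false)
    return true if admin
    ban = @bans[ip]
    ban.nil? || now >= ban[:until]
  end

  # Record one served request. Returns the infraction that triggered a ban
  # (:errors or :traffic), :exempt for admins, :banned while a ban is active, else nil.
  def record(ip, error: false, admin: false)
    return :exempt if admin
    return :banned unless allow?(ip)
    traffic_hit = over_limit?(TRAFFIC_RULE, ip)          # every request counts
    error_hit   = error && over_limit?(ERROR_RULE, ip)   # only error responses count
    infraction  = error_hit ? :errors : (traffic_hit ? :traffic : nil)
    ban!(ip, infraction) if infraction
    infraction
  end

  # Seconds left on the current ban, 0 when not banned.
  def ban_seconds_remaining(ip)
    ban = @bans[ip]
    return 0 if ban.nil? || now >= ban[:until]
    (ban[:until] - now).round
  end

  private

  def now
    @clock.call
  end

  # Sliding window: keep only timestamps inside the period, then compare to the limit.
  def over_limit?(rule, ip)
    window = @events[[rule.name, ip]]
    window << now
    window.reject! { |ts| ts <= now - rule.period }
    window.size > rule.limit
  end

  # Exponential backoff: the n-th ban for an IP lasts BASE_BAN_SECONDS * 2**(n-1).
  def ban!(ip, infraction)
    count    = (@bans[ip] ? @bans[ip][:count] : 0) + 1
    duration = BASE_BAN_SECONDS * (2**(count - 1))
    @bans[ip] = { until: now + duration, count: count }
    @events.delete_if { |(_, banned_ip), _| banned_ip == ip }   # restart the windows
    @notices << "IP #{ip} banned for #{duration}s (ban ##{count}, infraction: #{infraction})"
    duration
  end
end

if $PROGRAM_NAME == __FILE__
  policy = GriefingPolicy.new
  11.times { policy.record("192.0.2.10", error: true) }   # constructed sample IP
  puts policy.notices.last   # IP 192.0.2.10 banned for 60s (ban #1, infraction: errors)
end
```

In the application the gate would sit in a `Rack::Attack.blocklist` block (rejecting the request when `allow?` is false for the request IP) and `record` would run after the response status is known, with the windows and ban state kept in the shared cache store that rack-attack already uses rather than in the process memory shown here.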

donrestarone commented 1 year ago

affecting Nikean org (image attachment: IMG_1891)