Closed lemondevxyz closed 1 month ago
Hmm... I've started and re-started replying several times, because this is a complex and complicated topic.
Throttling is one thing (making sure a specific client doesn't abuse the server), bandwidth limitation is another (making sure the server doesn't exceed a given global cap). Then we have rate-limiting (requests per one client or network block) to fight against scraping, and we also might have denying on too many errors. Things get complicated quickly...
So, my question is: what is exactly the use-case you want to implement? I ask, because perhaps Kawipiko isn't the best place to implement these kinds of policies. (For example I would recommend putting HAProxy in front of Kawipiko and implementing all these policies there, as it's more flexible. Or perhaps a simple iptables / nftables rule would be a better solution. Or just traffic-shaping if actual bandwidth limitation is the goal.)
If one wants to expose Kawipiko directly to the internet (without any TLS terminator or HTTP router or load-balancer, like for example HAProxy), then I could see some basic "protections" built, but I would rather keep things simple.
Let's discuss more what is your exact use-case.
I guess when you put it like that, this feature request would be a slippery slope. Once throttling is implementing, another user would ask for bandwidth limitation and another ratelimiting and so on.
I wasn't aware solutions like HAProxy existed for servers like kawipiko. Since they do and have a rich feature set, I am positive they will suffice :)
I wasn't aware solutions like HAProxy existed for servers like kawipiko. Since they do and have a rich feature set, I am positive they will suffice :)
Well Kawipiko is a plain HTTP server, and thus any HTTP reverse proxy (like HAProxy), or even a plain TCP load-balancer would work in front of it.
For my own (personal and professional) web deployments (be they Kawipiko or something else) I always put HAProxy in front of them; I do this mainly for the following reasons:
Host
header I forward the requests to different HTTP backends; (for example I have a few sites that use Kawipiko, each different instance handled by a separate process with a separate CDB, and I use HAProxy to route to the proper backend;)Thus whenever possible I strongly suggest using something like HAProxy in front of any HTTP-enabled server.
One of the better designed http servers, thttpd, implements throttling as a way to mitigate too much bandwidth usage.
Throttling could be useful in kawipiko since it can serve more users whilst staying with the limit that the ISP/server provider has set.
Of course, the expense is slower speeds for users, however when set right, the user barely notices.
A way this could be implemented without making the code complicated is by providing a cdb throttling file and calculating the throttling at startup time.
The CDB file would have keys that are regular expressions for paths whilst the values could be a number or possibly a range.
This implementation sketch is rather bare, I'd love to hear feedback on this.