volution / kawipiko

kawipiko -- blazingly fast static HTTP server -- focused on low latency and high concurrency, by leveraging Go, `fasthttp` and the CDB embedded database

Feature Request: Throttling? #12

Closed lemondevxyz closed 1 month ago

lemondevxyz commented 1 month ago

One of the better designed http servers, thttpd, implements throttling as a way to mitigate too much bandwidth usage.

Throttling could be useful in kawipiko since it can serve more users whilst staying within the limit that the ISP/server provider has set.

Of course, the expense is slower speeds for users; however, when set right, the user barely notices.

A way this could be implemented without making the code complicated is by providing a cdb throttling file and calculating the throttling at startup time.

The CDB file would have keys that are regular expressions for paths whilst the values could be a number or possibly a range.

This implementation sketch is rather bare; I'd love to hear feedback on this.

cipriancraciun commented 1 month ago

Hmm... I've started and re-started replying several times, because this is a complex and complicated topic.

Throttling is one thing (making sure a specific client doesn't abuse the server), bandwidth limitation is another (making sure the server doesn't exceed a given global cap). Then we have rate-limiting (requests per one client or network block) to fight against scraping, and we also might have denying on too many errors. Things get complicated quickly...

So, my question is: what exactly is the use-case you want to implement? I ask, because perhaps Kawipiko isn't the best place to implement these kinds of policies. (For example I would recommend putting HAProxy in front of Kawipiko and implementing all these policies there, as it's more flexible. Or perhaps a simple iptables / nftables rule would be a better solution. Or just traffic-shaping if actual bandwidth limitation is the goal.)

If one wants to expose Kawipiko directly to the internet (without any TLS terminator or HTTP router or load-balancer, like for example HAProxy), then I could see some basic "protections" built, but I would rather keep things simple.

Let's discuss more what your exact use-case is.

lemondevxyz commented 1 month ago

I guess when you put it like that, this feature request would be a slippery slope. Once throttling is implemented, another user would ask for bandwidth limitation and another for rate-limiting and so on.

I wasn't aware solutions like HAProxy existed for servers like kawipiko. Since they do and have a rich feature set, I am positive they will suffice :)

cipriancraciun commented 1 month ago

> I wasn't aware solutions like HAProxy existed for servers like kawipiko. Since they do and have a rich feature set, I am positive they will suffice :)

Well Kawipiko is a plain HTTP server, and thus any HTTP reverse proxy (like HAProxy), or even a plain TCP load-balancer would work in front of it.

For my own (personal and professional) web deployments (be they Kawipiko or something else) I always put HAProxy in front of them; I do this mainly for the following reasons:

Thus whenever possible I strongly suggest using something like HAProxy in front of any HTTP-enabled server.
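
As an added illustration of the approach recommended in the thread (not configuration posted by either participant or taken from the Kawipiko project), the following HAProxy fragment separates the policies distinguished above: per-client rate-limiting, denying on too many errors, and per-client throttling. The backend address `127.0.0.1:8080`, the proxy and table names, and every threshold are assumptions chosen for the example; the `bwlim-out` filter requires HAProxy 2.7 or later.

```haproxy
# Added example: names, addresses and thresholds are assumptions, not values from the thread.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_public
    bind :80

    # Rate-limiting and "deny on too many errors": track each source address
    # and count its requests and its 4xx responses over a 10 second window.
    # "type ipv6" also stores IPv4 clients (as IPv4-mapped addresses).
    stick-table type ipv6 size 100k expire 10m store http_req_rate(10s),http_err_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 }

    # Throttling: all streams from one source address share a download
    # budget of 1 MB/s, accounted in the bw_per_src table below.
    filter bwlim-out per_src key src table bw_per_src limit 1m
    http-request set-bandwidth-limit per_src

    default_backend be_kawipiko

# Holds only the stick-table used by the per_src bandwidth filter.
backend bw_per_src
    stick-table type ipv6 size 100k expire 10m store bytes_out_rate(1s)

backend be_kawipiko
    # Kawipiko bound to loopback so that clients can only reach it through
    # the policies above (assumed address and port).
    server kawipiko 127.0.0.1:8080 maxconn 1024
```

A global bandwidth cap for the whole server is deliberately absent here; as the reply above notes, that case is better served by traffic-shaping.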