Rate-Limiting at Scale

Nick Galbreath

First presented at SANS AppSec Summit, Las Vegas, NV on May 1, 2012

3:15-4:05 p.m. Rate Limiting in Action Nick Galbreath, Director of Engineering, Etsy Rate limiting is a useful technique to limit malicious and undesirable behavior on web services. This talk will present a simple rate limit implementation using memcached that allows one to easily add rate limiting anywhere in their application. We’ll then cover some (surprising) real-world uses of rate limits, how to distinguish between enthusiasm and maliciousness, and finally some of the common countermeasures that are used.