Rate-Limiting at Scale

Rate Limiting in Action Nick Galbreath, Director of Engineering, Etsy. Rate limiting is a useful technique to limit malicious and undesirable behavior on web services. This talk will present a simple rate limit implementation using memcached that allows one to easily add rate limiting anywhere in their application. We’ll then cover some (surprising) real-world uses of rate limits, how to distinguish between enthusiasm and maliciousness, and finally some of the common countermeasures that are used.

First presented at SANS AppSec Summit, Las Vegas, NV on May 1, 2012.