https://discord.cloudflare.com logo
Join Discord
Powered by
# workers-discussions
  • c
    So basically really fast key-value store like Redis installed locally?
  • h
    DOs read from within datacenter, but they aren’t in every datacenter
  • c
    🤔
  • c
    Why aren't in every datacenter? So writes and reads could be fast everywhere?
  • h
    Because they are fault tolerant, and require a fair bit of storage
  • c
    yeah for api call limiter fault tolerance really doesn't matter.
  • c
    So Cloudflare could make something even cheaper with less resources.
  • c
    for api call limiter
  • h
    Whispers CF Managed Ratelimiting
  • c
    This is only used to reduce / eliminate big attacks in the short period of time like 10 seconds, 1 minute.
  • c
    it's almost necessary to also have in application rate limiter.
  • c
    so you have more control when limiting the user.
  • h
    The paid rate limiting should also support based on API keys
  • h
    Or based on cookies, or other stuff
  • c
    for example if one user respect api rate limiter 5 requests per 10 seconds, but he can also always request results from random uncached query in order to increase my expenses.
  • c
    so for this user I can rate limit him on application level.
  • c
    as he is abusing the service even tho he is within general rate limit.
  • c
    Kinda like slowly brute forcing within api rate limiter
  • h
    I mean, you shouldn’t be billing your customers based on whether an object is cached or not
  • h
    Or limiting them
  • c
    I can make the bot that will 24/7 send 5 requests every 10 seconds (Within API rate limiter) but requests searches from random queries like:
    Copy code
    jNyp9PwRpnxNb2AsZaT3
82H3HmCYprB5hwC75c2j
5JaTC4JWXsEWMFV4GAVQ
B9fPabUnN6q3S6xj5j7E
....
  • c
    and Bing API costs $3 per 1000 requests.
  • h
    With Advanced Rate-limiting, you can always add another system to lock if the user requests too many times an hour
  • h
    And if you have good logging, and you notice someone is constantly requesting fully random assets like that, you could issue a manual ban
  • h
    But also, why are you caching search results?
  • c
    Because they cost $3 per 1000 search requests.
  • c
    and I bet most people searches for the same queries like cloudflare, discord
  • c
    this would reduce my expenses by a lot.
  • d
    And more often than not I'm looking for newish results
  • h
    I mean, not really. The people looking for a non-Google alternative search engine probably don’t need search to find a heavily-trafficked website like Discord
1...227422752276...2509Latest