From a few sources (1 2 3), I'm getting the impression that whenever people wants to rate limit requests, the tendency seems to be "wrap Tomcat behind Apache, and rate-limit on Apache". There's also the iptables solution, but that won't answer HTTP 429 ("Too many requests").
Apache is fine, but sometimes it will be nice if we can improvise small-scale deployments of a small servlet we have, but we're still being asked to rate limit requests, and setting up an Apache layer seems like a bit of overkill (at least compared to cloning a web.xml file, which we're already doing anyway).
So I'm thinking of coding a small filter to do just that (as it seems like a significant amount of non-effort) and package it with the servlet, but the eerie absence of elaborate Tomcat rate limit filters out in the open suggests that this approach might be naive. I mean, this feels so generic and so much is Open-Source-available these days. So maybe there is a really good reason that justifies the Apache solution. Apache has so many options while Tomcat seems to have none.
Why does Tomcat lack built-in rate-limit filters?
解决方案
Tomcat sure does have a rate-limit filter valve built-in. You just have to modify it to suit your needs.
144
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
