
Easy solution to rate limit: require an initial request to get a one-time token with a 1 second delay, and then require valid requests to include the token. The token returned has a salt with something like timestamp and IP. That way they can only bombard the token generator.

get /token

Returns token with timestamp in salted hash

get /resource?token=abc123xyz

Check for valid token and drop or deny.
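The scheme sketched above, as an added example rather than the commenter's code: the token carries its issue time and a keyed hash (HMAC over timestamp, nonce and client IP, instead of an unkeyed salted hash, so a client cannot mint its own), and the resource check rejects tokens that fail the MAC, are presented from another IP, are older than a TTL, or have already been used. The key handling, the 30 second TTL, the in-memory used-token set and the sample IPs are assumptions.

```python
import hmac
import hashlib
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side key (assumed; would be loaded from config)
TOKEN_TTL = 30                     # seconds a token stays valid (assumed value)
_used = set()                      # tokens already spent, to enforce one-time use

def mint_token(client_ip, now=None):
    """GET /token: issue a token bound to the requesting IP and the issue time.
    The post's 1 second delay would be applied by the handler before calling this."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)   # makes every token distinct even within one second
    msg = f"{ts}:{nonce}:{client_ip}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{ts}.{nonce}.{mac}"

def check_token(token, client_ip, now=None):
    """GET /resource?token=...: return 'ok', or the reason the request is dropped."""
    now = now if now is not None else time.time()
    try:
        ts_s, nonce, mac = token.split(".")
        ts = int(ts_s)
    except ValueError:
        return "malformed"
    # Recompute the MAC with the IP seen on *this* request: a token minted for
    # another IP, or with a tampered timestamp, fails here.
    expected = hmac.new(SECRET, f"{ts}:{nonce}:{client_ip}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return "bad-mac"
    if not 0 <= now - ts <= TOKEN_TTL:
        return "expired"
    if token in _used:
        return "replayed"
    _used.add(token)
    return "ok"

# Constructed sample exchange: one client fetches a token, then uses it once.
if __name__ == "__main__":
    tok = mint_token("203.0.113.5")
    print(check_token(tok, "203.0.113.5"))      # ok
    print(check_token(tok, "203.0.113.5"))      # replayed
    print(check_token(tok, "198.51.100.7"))     # bad-mac (different IP)
```

The IP binding only limits what one address can do with a token; each address an adversary controls can still fetch its own tokens at the token endpoint's rate.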




As at least one person working on this has pointed out in this thread: their adversaries have IP blocks and ASNs.



