Rate limit of 100 req/min on public API endpoints

## What it is

`@rox-one/server-core/rate-limit`: per-IP + per-user. Exceeding the limit → 429 + Retry-After header. Whitelisting for trusted internal IPs. An audit event is emitted on every 429 for anomaly detection.

## Why

Without a rate limit, any public endpoint is an attack surface for DDoS / brute-force / scraping. 100 req/min is a sane default; for specific use cases it can be raised via config.

## Sources of inspiration

- [tailscale/hallpass](https://github.com/tailscale/hallpass): rate limiting patterns
- [nextdns/nextdns](https://github.com/nextdns/nextdns): DNS-level rate control

## 🔗 Linear

- [PZD-317](https://linear.app/kuhjie/issue/PZD-317): backing ticket

Status: In Review

Board: 🏢 Enterprise, B2B

Date: About 19 hours ago

Author: agi
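
A sketch of the behaviour the post describes (per-IP plus per-user counters, allowlist bypass, 429 with Retry-After, one audit event per rejection), added here as an example; it is not the code or API of `@rox-one/server-core/rate-limit`. The name `createRateLimiter`, the fixed-window algorithm, the audit event shape and the option names are assumptions.

```javascript
// Added illustration; names and event shape are hypothetical, not the package's API.
const LIMIT = 100;        // requests per window (the default from the post)
const WINDOW_MS = 60_000; // one minute

function createRateLimiter({ limit = LIMIT, windowMs = WINDOW_MS,
                             allowlist = [], audit = () => {} } = {}) {
  const trusted = new Set(allowlist);
  // key -> { start, count }. In-memory and never evicted here; a real
  // deployment needs expiry and a store shared across instances.
  const windows = new Map();

  // Count one request for `key`; return ms until its window resets if the
  // key is now over the limit, otherwise 0.
  function hit(key, now) {
    let w = windows.get(key);
    if (!w || now - w.start >= windowMs) {
      w = { start: now, count: 0 };
      windows.set(key, w);
    }
    w.count += 1;
    return w.count > limit ? w.start + windowMs - now : 0;
  }

  // `ip` must be the socket peer address or a value set by a proxy you
  // control; a client-supplied X-Forwarded-For would let callers pick their
  // own bucket or impersonate an allowlisted address.
  return function check({ ip, userId = null, path = "" }, now = Date.now()) {
    if (trusted.has(ip)) return { status: 200, headers: {} };
    const keys = [`ip:${ip}`];
    if (userId !== null) keys.push(`user:${userId}`);
    // Charge both buckets on every request, so one account spread over many
    // IPs and one IP cycling through many accounts are both capped.
    let waitMs = 0;
    let tripped = null;
    for (const key of keys) {
      const ms = hit(key, now);
      if (ms > waitMs) { waitMs = ms; tripped = key; }
    }
    if (waitMs === 0) return { status: 200, headers: {} };
    const retryAfter = Math.ceil(waitMs / 1000); // Retry-After is in seconds
    audit({ event: "rate_limit.exceeded", key: tripped, ip, userId, path,
            retryAfter, at: now });
    return { status: 429, headers: { "Retry-After": String(retryAfter) } };
  };
}
```

Rejected requests still increment the counter, so a client that keeps hammering stays blocked until its window resets.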