How to use Hammer to count the number of times rate-limits are reached within an interval

[egeersoz]

Not a bug per se, I just wanted to see if anyone had thoughts.

We started using Hammer to deal with some spammers who have been using our app to send lots of emails. It works well so far, as in the amount of damage spammers cause is now limited (e.g. each IP address can now send X emails per minute, after which they get 429'd).

We want to take this one step further though, by adding an IP address to a blacklist if requests coming from it are rate-limited more than X times within a given interval Y. In other words, it's like rate-limiting, but at a "meta" level.

Is there a way to utilize Hammer for this purpose?

[ruslandoga]

👋 @egeersoz

An easy way would be to check the limit for the Y * X bucket, it wouldn't be a sliding window though.

[epinault]

we don t have anything like that. You would need to do what @ruslandoga suggests or you can create dynamic bucket and check 2 of them in the same time based on conditions you need?

[njwest]

We want to take this one step further though, by adding an IP address to a blacklist if requests coming from it are rate-limited more than X times within a given interval Y. In other words, it's like rate-limiting, but at a "meta" level.

My two cents: have a separate bucket with limit X for interval Y and blacklist when that limit is exceeded.

Trying to use one bucket for two different limits and timescales is a lot of complexity