redis-doc icon indicating copy to clipboard operation
redis-doc copied to clipboard

Published 20 hours ago verified publisher icon redis

Command INCR - Pattern: Rate limiter

Open atealxt opened this issue 7 years ago • 3 comments

Hi,

The Pattern: Rate limiter in command INCR doc [1] has a case to be invalid.

When the request count haven't hit the quota, if fire huge of requests at the same time, most/many of those may cross the validation. The time window exists between after the checking and updating the counter. I verified the issue by created num of threads and execute the example code in Java.

It can be fixed by put in a Lua script like:

local current = tonumber(redis.call("get", "the key"))
if (current ~= nil and current >= 10) then
    error("too many requests per second")
end
redis.call("incr", "the key")
redis.call("expire", "the key", 10)

This is a common case for heavy traffic system/API or protected from attack. I think it's better to update this or mention in the doc.

Thanks!

atealxt avatar Dec 02 '16 08:12 atealxt

I write a blog post in detail here: http://atealxt.github.io/2016/12/11/redis-pattern-rate-limiter.html

atealxt avatar Dec 11 '16 07:12 atealxt

Hi @atealxt,

It would be best if you could just open a PR with the proposed changed to the doc - I'm not sure where you want to apply them.

Also please note that in the script you've supplied you're not using the KEYS and ARGV tables to pass the key names and script arguments.

itamarhaber avatar Dec 17 '16 13:12 itamarhaber

Thanks @itamarhaber,

I have submit the PR 782, please let me know if it make sense.

atealxt avatar Dec 18 '16 09:12 atealxt