question: Rate limiting for routes

[simonmittag]

trafficstars

Is your feature request related to a problem? Please describe. Right now we can't rate limit routes. To implement this effectively, we need the ability to easily configure a limited number of HTTP requests in a time period and enforce it on a single server.

Rate limiting has the additional problem of identifying users. Anonymous rate limiting is of limited use. You can only use IP addresses. Investigate whether bearer Token assertions may be used, if there's a standard principal in OAuth we may be able to employ for this purpose. This isn't ideal though, it couples rate limiting to OAuth.

Describe the solution you'd like TBD