Currently, lambdas operating in the feature flag service have a rate limit implementation using a down counter, where the count is decreased on every request to the lambda. After the limit ends, access to the lambda gets restricted for all users. To reset this rate limit of any lambda, we have a separate lambda which executes a db event to update the limits. Now this reset rate limit lambda does not have a rate limit and hence becomes vulnerable to DoS and other such attacks.
To resolve this, time-based rate limiting will be implemented on this lambda, which will allow it to be called only 2 times a day.
Expected Behavior
Reset Rate Limit Lambda is rate limited to 2 calls per day.
Current Behavior
Reset Rate Limit Lambda is not rate limited and is vulnerable to DoS and other such attacks.
Hi @RahulGoyal-tech, do we plan to keep this configuration of being called twice a day configurable, say, if the traffic is genuine and we want to serve it? Also, we can think about whether this should be kept in a db, to avoid any deployment and to have near-real-time updates happening.
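A sketch of the time-based limit proposed in the issue, with the limit read from a store as the comment above suggests; this is an added example, not code from the project. `InMemoryStore`, the `reset_daily_limit` key, the UTC-day window and the `handler` shape are assumptions made for illustration.

```python
import threading
from datetime import datetime, timezone

DEFAULT_DAILY_LIMIT = 2  # the limit proposed in the issue


class InMemoryStore:
    """Constructed stand-in for the db table; the lock models an atomic conditional write."""

    def __init__(self, config=None):
        self.config = dict(config or {})   # e.g. {"reset_daily_limit": 2}
        self.counters = {}                 # e.g. {"2024-01-01": calls so far}
        self._lock = threading.Lock()

    def increment_if_below(self, window, limit):
        # Check and increment in one step so concurrent callers cannot both pass.
        with self._lock:
            used = self.counters.get(window, 0)
            if used >= limit:
                return False
            self.counters[window] = used + 1
            return True


def daily_limit(store):
    """Read the limit on every call, so it can change without a deployment."""
    value = store.config.get("reset_daily_limit", DEFAULT_DAILY_LIMIT)
    # A missing or malformed value falls back to the default, never to "unlimited".
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        return DEFAULT_DAILY_LIMIT
    return value


def allow_reset(store, now=None):
    """Return True if the reset lambda may run in the current UTC day."""
    now = now or datetime.now(timezone.utc)
    # Keying the counter by date means a new day starts a fresh window by itself.
    window = now.astimezone(timezone.utc).strftime("%Y-%m-%d")
    return store.increment_if_below(window, daily_limit(store))


def handler(store, now=None):
    """Hypothetical lambda entry point: reject before doing any db reset work."""
    if not allow_reset(store, now):
        return {"statusCode": 429, "body": "reset limit reached for today"}
    # ... the existing reset-rate-limit db event would run here ...
    return {"statusCode": 200, "body": "rate limits reset"}
```

With a real database, `increment_if_below` would have to be a single conditional update; a separate read followed by a write lets parallel invocations exceed the limit.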