Rate Limiting and Blocking Documentation
Introduction
Configuration Parameters
Blocking Behavior Summary
Timers and Schedules
High-Throughput Considerations
This document describes the configuration, behavior, and operational tasks of the system's rate limiting and blocking module. The system monitors service usage, enforces request thresholds, and optionally escalates repeated violations to a user-level block.
It separates detection from enforcement, allowing applications to define custom responses to limit breaches. Configuration includes limits on requests per minute (RPM), requests per day (RPD), escalation rules, notification settings, temporary data retention, and administrative overrides.
Additionally, a set of timers and scheduled tasks ensures rate-limiting data is maintained, evaluated, and purged automatically to support both operational reliability and analytics accuracy.
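The configuration surface described above can be pictured as a single settings object. The sketch below is illustrative only: the field names (`requests_per_minute`, `retention_days`, etc.) are assumptions chosen to mirror the parameters listed in the introduction, not the module's actual parameter names.

```python
from dataclasses import dataclass

# Illustrative configuration shape; every field name here is an
# assumption mirroring the parameters described in this document.
@dataclass
class RateLimitConfig:
    requests_per_minute: int = 60         # RPM threshold
    requests_per_day: int = 10_000        # RPD threshold
    escalate_to_user_block: bool = False  # escalate repeated violations
    notify_on_block: bool = True          # notification settings
    retention_days: int = 30              # temporary data retention
    admin_override: bool = False          # administrative override

# Individual limits can be overridden per deployment:
config = RateLimitConfig(requests_per_minute=120)
```

A dataclass keeps defaults explicit and makes per-environment overrides a one-line change.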
Rate Limit Evaluation Methods
1. RateLimitEvaluationToUsers
Evaluates whether a user should be blocked based on service and application usage. This method does not track individual machines.
Inputs:
ServiceName: The service being used.
AppName: The client application name.
Output:
BlockRequest: Boolean flag indicating whether the user exceeds the rate limit.
2. RateLimitEvaluationToAPI
Evaluates whether an incoming API request should be blocked based on the service, application, and machine ID.
Inputs:
ServiceName: The service being called.
AppName: The client application name.
MachineId: Unique identifier for the client machine.
Output:
BlockRequest: Boolean flag indicating whether the request exceeds the rate limit.
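The two evaluation methods differ only in what they key on. A minimal sketch, assuming a simple sliding one-minute window (the real module's windowing and signatures are not specified here; `RPM_LIMIT` and the in-memory store are placeholders):

```python
import time
from collections import defaultdict

RPM_LIMIT = 5  # illustrative threshold; the real value comes from configuration

_recent = defaultdict(list)  # key -> timestamps of requests in the last minute

def _over_limit(key, now=None):
    """Record one request for `key` and report whether it exceeds RPM_LIMIT."""
    now = time.time() if now is None else now
    window = [t for t in _recent[key] if now - t < 60]  # keep last 60 s
    window.append(now)
    _recent[key] = window
    return len(window) > RPM_LIMIT

def RateLimitEvaluationToUsers(ServiceName, AppName):
    # User-level evaluation: keyed by service and application only;
    # individual machines are not tracked.
    return {"BlockRequest": _over_limit((ServiceName, AppName))}

def RateLimitEvaluationToAPI(ServiceName, AppName, MachineId):
    # API-level evaluation: the machine ID becomes part of the key.
    return {"BlockRequest": _over_limit((ServiceName, AppName, MachineId))}
```

The sixth call within a minute for the same key flips BlockRequest to true, while a different machine ID keeps its own independent window in the API-level variant.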
Blocking Behavior Summary
Service-Level Block: Temporary; access is automatically restored once usage falls below thresholds. No administrative action is required.
User-Level Block: Permanent (if enabled); manual administrative intervention is required to restore access.
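The contrast between the two block types can be sketched as state that either expires on its own or persists until an administrator clears it. The cooldown length and escalation threshold below are placeholders, not the module's actual values:

```python
import time

SERVICE_BLOCK_SECONDS = 60  # illustrative cooldown (assumption)
USER_BLOCK_THRESHOLD = 3    # violations before user-level escalation (assumption)

class BlockState:
    def __init__(self):
        self.service_blocked_until = 0.0  # temporary: expires on its own
        self.user_blocked = False         # permanent until admin intervenes
        self.violations = 0

    def record_violation(self, now=None):
        now = time.time() if now is None else now
        self.violations += 1
        self.service_blocked_until = now + SERVICE_BLOCK_SECONDS
        if self.violations >= USER_BLOCK_THRESHOLD:
            self.user_blocked = True  # only admin_unblock() clears this

    def is_blocked(self, now=None):
        now = time.time() if now is None else now
        return self.user_blocked or now < self.service_blocked_until

    def admin_unblock(self):
        """Manual administrative intervention restoring access."""
        self.user_blocked = False
        self.violations = 0
```

Note how `is_blocked` needs no cleanup task for service-level blocks: they lapse simply by comparing against the clock, whereas the user-level flag never changes without an explicit administrative call.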
The system also provides notifications and temporary data retention to support monitoring and analytics.
Timers and Scheduled Tasks
The system relies on several timers and scheduled tasks to maintain data integrity, evaluate usage, and perform automatic operations.
These timers ensure the system remains consistent, efficient, and responsive, maintaining accurate usage statistics and analytics for both service-level and user-level monitoring.
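One of the scheduled tasks described here is the automatic purge of expired rate-limiting data. A minimal sketch of such a timer, assuming a re-arming `threading.Timer` and placeholder interval and retention values (the module's actual schedule is not specified in this document):

```python
import threading
import time

PURGE_INTERVAL_SECONDS = 3600   # illustrative cadence (assumption)
RETENTION_SECONDS = 30 * 86400  # temporary-data retention window (assumption)

def purge_expired(entries, now=None):
    """Keep only usage records younger than the retention window."""
    now = time.time() if now is None else now
    return [e for e in entries if now - e["timestamp"] < RETENTION_SECONDS]

def schedule_purge(store):
    """Purge the store immediately, then re-arm a timer to repeat on schedule."""
    store["entries"] = purge_expired(store["entries"])
    timer = threading.Timer(PURGE_INTERVAL_SECONDS, schedule_purge, args=(store,))
    timer.daemon = True  # do not keep the process alive just for the purge
    timer.start()
    return timer
```

Separating the purge predicate (`purge_expired`) from the scheduling loop keeps the retention rule testable without spinning up real timers.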
High-Throughput Considerations
The system is designed to handle high request volumes efficiently while maintaining accurate rate limiting and blocking behavior. It uses a combination of cached block flags and asynchronous processing, with an optional mode that bypasses the cache when strict consistency is needed.
Request Flow
Cache Read (Configurable) – Each incoming request normally checks a cached table containing the current service- and user-level block flags.
If configured for uncached reads, the system queries the primary store directly, ensuring the most up-to-date block state.
Record Request – The request is recorded (e.g., in a queue or temporary store) for asynchronous processing.
Asynchronous Processing – New entries are asynchronously processed to update the blockages table, evaluate escalation rules, and trigger notifications when necessary.
Note: Because blockages are processed asynchronously, it may take a few seconds for a block to be raised after the limit has been triggered.
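The three-step flow above, including the propagation delay the note warns about, can be sketched as follows. The cache, store, and per-key limit are in-memory stand-ins (assumptions), not the module's real storage:

```python
import queue

LIMIT = 3             # illustrative per-key limit (assumption)
block_cache = {}      # cached service-/user-level block flags
primary_store = {}    # authoritative block state
counts = {}           # usage counters maintained by the async worker
request_log = queue.Queue()  # recorded requests awaiting processing

def handle_request(key, use_cache=True):
    """Steps 1-2: consult the block flags, then record the request."""
    flags = block_cache if use_cache else primary_store
    if flags.get(key, False):
        return "blocked"
    request_log.put(key)  # recorded for asynchronous processing
    return "accepted"

def process_pending():
    """Step 3: drain the log, update block state, refresh the cache."""
    while not request_log.empty():
        key = request_log.get()
        counts[key] = counts.get(key, 0) + 1
        if counts[key] > LIMIT:
            primary_store[key] = True
            block_cache[key] = True  # the block becomes visible only now
```

Because `process_pending` runs after the fact, requests that arrive between exceeding the limit and the next processing pass are still accepted, which is exactly the propagation delay described in the note.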
Benefits
Low Latency (Cached Mode): Per-request evaluation reads from the cache, avoiding database hits and reducing response times.
Consistency (Uncached Mode): Direct reads from the primary store ensure the latest block state, at the cost of higher latency.
Asynchronous Scalability: Updates and analytics processing occur asynchronously, reducing bottlenecks on the critical request path.
Comprehensive Analytics and Escalation: Request data is persisted and processed to support historical tracking and user-level block escalations.
Flexible Enforcement: Supports service-level and user-level blocking with configurable burst tolerance and escalation thresholds.
Considerations and Limitations
Cache Consistency: Cached block flags may be slightly outdated, potentially allowing some requests over the limit.
Asynchronous Lag: High traffic bursts may delay updates to user-level blocks or notifications.
Performance Trade-Off: Uncached reads ensure accurate enforcement but can introduce higher latency, which may impact throughput under heavy demand.
High-Demand Limitations: While the system scales well for moderate to high volumes, extreme or sustained peaks may require careful tuning of cache size, eviction policies, and asynchronous processing frequency.
Propagation Delay: Blocks may not be applied instantaneously due to asynchronous processing; a short delay of several seconds is possible before the block takes effect.
This design provides a balance between performance and consistency, allowing operators to configure cached or uncached reads depending on operational priorities. It is well-suited for enterprise or internal APIs but may face limitations under extremely high-demand loads.