1

On my site I need to throttle user requests for various reasons:

  • Prevent overquerying of database or 3rd party apis
  • Prevent spam
  • Preventing others from scraping my data

I was wondering what the best practices are for throttling? Should it be done at the script level (PHP/MySQL) or at the server level (Apache)?

And are there any specific best practices I should keep in mind with regards to throttling?

Ben G
  • 26,091
  • 34
  • 103
  • 170
  • possible duplicate of [How to throttle login attempts - PHP & MySQL & CodeIgniter](http://stackoverflow.com/questions/5037083/how-to-throttle-login-attempts-php-mysql-codeigniter) – Alix Axel May 05 '11 at 03:58

2 Answers2

1

This should ideally be done at the network / firewall level or at the very least on Apache.

PHP throttling is possible too, but it should only be done if you want to deny the access to the resource and not just delaying. Refer to this answer (and comments) I gave in a similar question for more details:

Community
  • 1
  • 1
Alix Axel
  • 151,645
  • 95
  • 393
  • 500
  • @babonk: Because at the PHP level you are consuming much more resources (CPU, RAM, allocated clients) which kinda defeats the purpose throttling tries to solve. – Alix Axel May 05 '11 at 15:24
  • any good examples of implementing the throttle at network/firewall level? – Antony Mar 04 '12 at 15:20
  • 1
    @Antony: That would probably be a nice question for ServerFault. – Alix Axel Mar 04 '12 at 16:45
0

off the top of my head, there are a couple that you might want to consider using:

1) You could use JavaScript to create intervals that sets flags so that you can check back with the flag to ensure that they don't request within the interval period.

2) You could use PHP and store their requests time in the session that you're running and check against that so that they don't make requests too frequently.

3) You could use MySQL to log when their last access time was and see if they should be allowed to use the resource.

Generally these methods are divided into client side and server side. Deploy whichever you feel most comfortable with and is most convenient for yourself.

Not all deployments allow you to modify the Apache Server config :)

Hope it helps. Cheers!

Vern
  • 2,393
  • 1
  • 15
  • 18
  • MySQL (or any other RDBMS) might not be the best choice for all kinds of throttling (see the link I posted in my answer). – Alix Axel May 05 '11 at 15:25