|
|
|
|
|
|
by semiquaver
1052 days ago
|
|
|
You’re so close to getting it. > Break rate limit and get a timeout
And what exactly should the rate limit key be? From your username I’m sure you are aware that it can’t be the IP address.It sounds like you’re coming at this from an authenticated API perspective where client identity is a given and anonymous access is the exception. The web inverts this, making everything much more difficult and necessitating the sort of fingerprinting that is at issue in this article and I presume you are opposed to. |
|
|