Distributed rate limiting is hard. He could hit multiple front ends simultaneous... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		chatmasta on July 19, 2019 \| parent \| context \| favorite \| on: How I Could Have Hacked Any Instagram Account Distributed rate limiting is hard. He could hit multiple front ends simultaneously before they have a chance to catchup to the correct counts.

yardstick on July 19, 2019 [–]

Yeah it is hard. The enforcement would need to be done on a single backend. Not all users need to have their auth done by the same specific backend, but each user individually should always have their auth go to the same backend (or same concurrency domain, if distributed locking applies to the architecture).

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact