API Management Solutions [closed]

Solution 1:

I think you overestimate how hard this is.

In your code just have a counter with redis/memcached/mongodb (1/24 hour counter or hourly/daily counter depending on your needs) and return the appropriate error when the limit has been met. You can either increment the counts right there, or do that asynchronously when processing your logs.

For showing the data, just make a simple web page summarizing the counts as needed.

For our use we don't need to limit things exactly, so we generally just log through our log infrastructure and one of the (real-time-ish through scribe) log processors will summarize this sort of thing. The output is a simple HTML page with the busy IPs/clients, some page that nagios can monitor and some URLs that munin pulls data from to make graphs.

Solution 2:

You can use naxsi with nginx. just override your /requestDenied location with limit rules you need:

map naxsi redirect parameters to corresponding limit:

map $arg_uri $limit_uri {
  123.php   limit_zone1;
  234.php   limit_zone2;
default limit_default;
}

use limits in location:

 location /RequestDenied {
     proxy_pass http://127.0.0.1:4242;
     limit_req $limit_uri;
   }