Module kvarn::limiting

source ·
Expand description

Limits traffic from a IP address to partially mitigate attacks.

Kvarn’s limiting is smart; when a client first makes to many requests, a hard-coded 429 Too Many Requests is sent back. It the spam continues, the current connection and all future streams are blocked, until the limit resets.

The thresholds are configurable and have sensible defaults.

After reset_time is elapsed, all stored request counts are cleared. Longer reset_times and higher max_requests can be less forgiving for clients, but safer for the server, and vise versa.


  • Data used to limit requests.


  • The strength of limiting.