Rate limiting a Web App

My web app URL is being sent to thousands of potential users at the moment. 17,000 sessions in the past 24 hours.
(It is a Christmas wishlist app).

The fact that thousands of people get access to it makes me fear someone will try to break the app and render it unresponsive.

Has anyone implemented rate limiting in a web app?
Are there other solutions I should consider to protect the app?

The app is currently hosted on Xojo cloud if that is relevant.

We use Cloudflare as a proxy to filter bad traffic.
It costs something, but it does its job reliably.

1 Like

Note that there is an issue with the 2022 R2 and 3 Xojo WebApps where sockets and sessions sometimes stay open even after they should close. See https://tracker.xojo.com/xojoinc/xojo/-/issues/69982. This could cause a buildup of CPU usage under normal traffic, even without any malicious users. If you have access, you may want to test out the latest beta version of Xojo.

3 Likes

Thank you Mike D, I just deployed an update using the latest pre-release.
My WebApp was running at 1.5GB and 1 million objects in memory after 12 hours.

I have now implemented a full memory report screen to see where the memory leaks are.