Rate Limitation For Not Logged In Users

How make rate limitation for not logged in users? Just with sessions? Is there standard mechanisms for this?

rate limitation… what???

Can you post you query in details?

Rate Limiting of http-queries: http://www.yiiframework.com/doc-2.0/guide-rest.html#rate-limiting

There is described a mechanism that works only for logged in users.

We experienced very similar problem before, when tried RateLimiter at the first time.

The suggestion to Yii2 core team is to design RateLimiter filter good enough not only for API calls, but to make it more reusable in simple controllers.

Here is the use case:

  • Limit number of API calls globally - 5 requests/second

  • Limit number of API calls for action1 - 30 requests/minute

  • Limit number of API calls for action2 - 60 requests/minute

  • Limit number of successfull user registrations (action /register) - 1/hour

  • Limit number of failed user logins (action /login) - 5 requests/15 minutes

  • Add possibility to have 1 shared limit for several actions

For the moment RateLimiter functional is pretty “limited” :)


are there any news about whether it is planned to extend the Yii RateLimiter to support guests? I want to implement a web service (API) where guests should have other rate limits than logged in users.

Kind regards,