RFC-TENANT-SECURITY-0001                                         Section 8
Category: Standards Track                                     Rate Limiting

8. Rate Limiting


8.1 Rate Limiting Overview

8.1.1 Purpose

Rate limiting protects applications from abuse, prevents resource exhaustion, and mitigates denial-of-service attacks by controlling the rate of incoming requests.

8.1.2 Protection Targets

   Target                    Threat               Mitigation
   ------------------------  -------------------  --------------------
   Application availability  DDoS                 Request rate limits
   Backend resources         Resource exhaustion  Connection limits
   Authentication systems    Brute force          Login rate limits
   API quotas                Abuse                Per-client limits
   Cost control              Runaway requests     Global limits

8.2 Rate Limit Types

8.2.1 Connection Limits

Controls on TCP connection establishment:

   Limit Type                  Scope       Purpose
   --------------------------  ----------  ------------------------------------------
   Max connections per IP      Source IP   Prevent connection flooding from one source
   Max concurrent connections  Global      Protect backend capacity
   Connection rate             Per second  Throttle connection-establishment bursts

Note: a connection-rate limit enforced by the proxy only sees completed
handshakes. Half-open SYN floods are absorbed below it by the kernel (SYN
cookies, backlog sizing), so the two controls complement rather than replace
each other.

8.2.2 Request Limits

Controls on HTTP request rate:

   Limit Type           Scope            Purpose
   -------------------  ---------------  ----------------------
   Requests per second  Per IP           Standard rate limiting
   Requests per minute  Per IP           Burst allowance
   Requests per route   Per IP per path  API-specific limits

8.2.3 Bandwidth Limits

Controls on data transfer:

   Limit Type         Scope           Purpose
   -----------------  --------------  -----------------------------
   Request body size  Per request     Prevent large-payload attacks
   Response rate      Per connection  Prevent download abuse

8.3 Rate Limit Hierarchy

8.3.1 Limit Layers

8.3.2 Limit Precedence

   Layer   Authority      Override Capability
   ------  -------------  --------------------
   Global  Platform Team  Sets maximum ceiling
   Route   Tenant         Can lower, not raise
   Client  Application    Within route limits

8.3.3 Default Limits

   Limit                          Default Value     Override
   -----------------------------  ----------------  ----------------
   Requests per IP per second     Platform-defined  Route can lower
   Concurrent connections per IP  Platform-defined  Route can lower
   Request body size              Platform-defined  Route can lower
   Burst allowance                Platform-defined  Route can adjust

8.4 Rate Limit Strategies

8.4.1 Token Bucket

The token bucket algorithm admits bursts of up to the bucket size while holding
the long-term average to the refill rate:

   Parameter    Description
   -----------  --------------------------------------------------------
   Bucket size  Maximum burst capacity (tokens available after idling)
   Refill rate  Tokens added per second (the sustained average rate)
   Token cost   Tokens consumed per request (expensive requests can cost more)

8.4.2 Sliding Window

The sliding-window counter smooths the boundary problem of fixed windows, where
a burst at the end of one window and another at the start of the next are both
admitted. It keeps a count for the current and the previous window and weights
the previous count by how much of it still falls inside the trailing interval:

   Aspect       Behavior
   -----------  -------------------------------------------------------------
   Window size  Configurable (e.g., 1 minute)
   Counter      Requests in the current window and in the previous window
   Evaluation   current + previous * (1 - fraction of current window elapsed)

8.4.3 Strategy Selection

   Use Case            Recommended Strategy
   ------------------  --------------------
   API rate limiting   Token bucket
   DDoS mitigation     Sliding window
   Burst allowance     Token bucket
   Smooth limiting     Sliding window
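The following is an added example, not code from this RFC or from the platform it describes: both strategies of 8.4.1 and 8.4.2 implemented with an injected clock, replayed over a constructed traffic pattern (a 10-request burst followed by two requests per second) so the difference behind the 8.4.3 recommendations is visible. Capacities, refill rate, window size and the traffic pattern are assumptions chosen for the demonstration.

```python
"""Token bucket (8.4.1) and sliding-window counter (8.4.2) limiters, driven by
an explicit clock so the behaviour is reproducible."""
import math


class TokenBucket:
    """Admits bursts up to `capacity` while holding the long-term rate to
    `refill_rate` tokens per second. `cost` lets expensive requests consume more."""

    def __init__(self, capacity, refill_rate, now):
        self.capacity = float(capacity)
        self.refill_rate = float(refill_rate)
        self.tokens = float(capacity)  # bucket starts full
        self.last = now

    def _refill(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last = now

    def allow(self, now, cost=1.0):
        self._refill(now)
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

    def retry_after(self, now, cost=1.0):
        """Seconds until `cost` tokens are available; feeds the Retry-After header."""
        self._refill(now)
        deficit = cost - self.tokens
        return 0.0 if deficit <= 0 else deficit / self.refill_rate


class SlidingWindow:
    """Sliding-window counter: estimate = current-window count + previous-window
    count * (1 - fraction of the current window elapsed). Two counters per
    client, no per-request log."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = float(window)
        self.current_start = None
        self.current = 0
        self.previous = 0

    def _roll(self, now):
        start = math.floor(now / self.window) * self.window
        if self.current_start is None or start > self.current_start + self.window:
            self.current_start, self.current, self.previous = start, 0, 0  # idle gap: nothing carries over
        elif start == self.current_start + self.window:
            self.current_start, self.previous, self.current = start, self.current, 0

    def estimate(self, now):
        self._roll(now)
        elapsed_fraction = (now - self.current_start) / self.window
        return self.current + self.previous * (1.0 - elapsed_fraction)

    def allow(self, now):
        if self.estimate(now) >= self.limit:
            return False
        self.current += 1
        return True


def run(limiter, timestamps):
    """Replay request timestamps through a limiter; True means admitted."""
    return [limiter.allow(t) for t in timestamps]


# Constructed traffic: a 10-request burst at t=0, then 2 requests/second.
BURST = [0.0] * 10
STEADY = [1.0, 1.5, 2.0, 2.5, 3.0]
TRAFFIC = BURST + STEADY

if __name__ == "__main__":
    print("token bucket  :", run(TokenBucket(capacity=5, refill_rate=1.0, now=0.0), TRAFFIC))
    print("sliding window:", run(SlidingWindow(limit=5, window=1.0), TRAFFIC))
```

Both limiters admit five of the ten burst requests. Afterwards the token bucket admits exactly one request per second (its refill rate) regardless of where the window boundary falls, while the sliding window still rejects the request at t=1.0 because the whole burst is counted against it, then admits the rest: the burst is remembered across the boundary instead of being forgotten the moment a new fixed window starts.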

8.5 Client Identification

8.5.1 Identification Methods

   Method     Source                                        Use Case
   ---------  --------------------------------------------  ----------------------
   Source IP  Remote address, or X-Forwarded-For set by a   Default identification
              trusted proxy
   API Key    Header or query parameter                     API clients
   User ID    JWT claim (after signature verification)      Authenticated users
   Session    Cookie                                        Web applications

8.5.2 IP Extraction

For clients behind proxies, the rate-limit key must come from a hop the
platform controls, never from a value the client can write:

   Header           Priority  Trust
   ---------------  --------  -----------------------------------------------
   X-Forwarded-For  1         Only when the TCP peer is a trusted proxy; use
                              the rightmost address that is not itself a
                              trusted proxy
   X-Real-IP        2         Single trusted proxy that sets it
   Remote address   3         Direct connection

The leftmost X-Forwarded-For entry is whatever the client sent and proxies
only append to the header, so keying on it lets an attacker pick a fresh
"source" per request to evade per-IP limits, or name a victim's address to
get that client throttled. Walk the chain from the right and stop at the
first address that is not a known proxy.
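An added example of the extraction order above (not the platform's own code): the trusted-proxy ranges, the sample addresses and the header dictionaries are constructed for the demonstration.

```python
"""Derive the rate-limit client key from X-Forwarded-For without trusting
client-supplied values. Standard library only."""
import ipaddress

# Assumption: the only hops allowed to append to X-Forwarded-For are the
# platform's own edge proxies in these ranges.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]


def parse_ip(text):
    """Return an IPv4/IPv6 address object, or None for anything malformed."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def is_trusted_proxy(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Pick the address to key per-IP limits on.

    Walk X-Forwarded-For from the right (the hop nearest to us) to the left and
    stop at the first address that is not a trusted proxy: that is the client.
    Everything left of it, including the leftmost entry, was written by parties
    we do not control and is ignored. Falls back to X-Real-IP and then to the
    TCP peer address, matching the priority table above."""
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    remote = parse_ip(remote_addr)
    if remote is None:
        return None
    if not is_trusted_proxy(remote):
        return str(remote)  # direct connection: forwarding headers are attacker-supplied

    chain = [hop for hop in headers.get("x-forwarded-for", "").split(",") if hop.strip()]
    for hop in reversed(chain):
        ip = parse_ip(hop)
        if ip is None:
            break  # malformed hop: stop trusting the chain
        if not is_trusted_proxy(ip):
            return str(ip)  # first untrusted hop is the real client

    real_ip = parse_ip(headers.get("x-real-ip", ""))
    if real_ip is not None:
        return str(real_ip)  # single-proxy deployments set this instead
    return str(remote)  # nothing usable: key on the proxy itself


if __name__ == "__main__":
    # Constructed cases: direct connection with a forged header, a legitimate
    # two-proxy chain, and a spoof attempt that prepends a fake client.
    print(client_ip("203.0.113.5", {"X-Forwarded-For": "1.1.1.1"}))
    print(client_ip("10.0.0.2", {"X-Forwarded-For": "198.51.100.7, 10.0.0.9"}))
    print(client_ip("10.0.0.2", {"X-Forwarded-For": "1.1.1.1, 198.51.100.7"}))
```

In the third case the attacker at 198.51.100.7 sent "X-Forwarded-For: 1.1.1.1"; the edge proxy appended the real peer, and the right-to-left walk returns 198.51.100.7, so the forged entry has no effect on the rate-limit key.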

8.5.3 Client Categories

   Category       Rate Limit  Rationale
   -------------  ----------  ----------------
   Anonymous      Strictest   Unknown identity
   Authenticated  Standard    Known user
   API Partner    Higher      Contracted quota
   Internal       Relaxed     Trusted systems

8.6 Response Behavior

8.6.1 Rate Limit Response

When rate limit is exceeded:

   Aspect         Behavior
   -------------  ----------------------------------
   HTTP Status    429 Too Many Requests
   Retry-After    Header with seconds until retry
   Response body  Error message with limit info

8.6.2 Response Headers

   Header                 Purpose
   ---------------------  ----------------------------------
   X-RateLimit-Limit      Maximum requests allowed
   X-RateLimit-Remaining  Requests remaining
   X-RateLimit-Reset      Unix timestamp when limit resets
   Retry-After            Seconds to wait before retry

Retry-After is defined by HTTP itself (RFC 9110); the X-RateLimit-* names are
a widely used convention rather than a standard, so clients must not be
assumed to parse them.

8.6.3 Graceful Degradation

   Utilization         Behavior
   ------------------  -------------------
   Under limit         Normal processing
   Near limit (80%)    Warning headers
   At limit            429 response
   Sustained overload  Temporary IP block
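An added example, not code from this RFC or its platform, that turns 8.6.1 through 8.6.3 into a response decision: headers and body for a request given the limiter's state, the 80% warning, the Retry-After computation, and escalation from repeated 429s to a temporary block. The warning header name (X-RateLimit-Warning), the strike threshold, the strike window and the block duration are assumptions; the page names only the 80% point and the "temporary IP block".

```python
"""Rate-limit response construction (8.6.1, 8.6.2) and the escalation ladder of
8.6.3, driven by a limiter's state. Standard library only."""
import json
import math
from collections import deque


def rate_limit_response(limit, remaining, reset_at, now, warn_fraction=0.8):
    """Return (status, headers, body) for one request.

    `limit`/`remaining` are request counts for the current window; `reset_at`
    and `now` are Unix timestamps. `warn_fraction` and the warning header name
    are assumptions (the page only says 'warning headers' at 80%)."""
    remaining = max(0, remaining)
    headers = {
        "X-RateLimit-Limit": str(limit),
        "X-RateLimit-Remaining": str(remaining),
        "X-RateLimit-Reset": str(int(math.ceil(reset_at))),
    }
    if remaining == 0:
        retry = max(1, int(math.ceil(reset_at - now)))  # never tell a client to retry in 0 s
        headers["Retry-After"] = str(retry)
        body = json.dumps({"error": "rate limit exceeded", "limit": limit, "retry_after": retry})
        return 429, headers, body
    used = limit - remaining
    if limit > 0 and used / limit >= warn_fraction:
        headers["X-RateLimit-Warning"] = f"{used}/{limit} of window quota used"
    return 200, headers, None


class OverloadTracker:
    """Escalates from per-request 429s to a temporary block when one client keeps
    hitting the limit (8.6.3 'sustained overload'). Thresholds are assumptions."""

    def __init__(self, strikes=10, strike_window=60.0, block_seconds=300.0):
        self.strikes = strikes
        self.strike_window = strike_window
        self.block_seconds = block_seconds
        self._hits = {}           # client -> timestamps of recent 429s
        self._blocked_until = {}  # client -> time the block expires

    def blocked_until(self, client, now):
        until = self._blocked_until.get(client, 0.0)
        return until if until > now else None

    def record_throttle(self, client, now):
        """Call whenever `client` receives a 429; returns True if it is now blocked."""
        hits = self._hits.setdefault(client, deque())
        hits.append(now)
        while hits and hits[0] <= now - self.strike_window:
            hits.popleft()  # forget strikes older than the window
        if len(hits) >= self.strikes:
            self._blocked_until[client] = now + self.block_seconds
            hits.clear()
            return True
        return False


def respond(tracker, client, limit, remaining, reset_at, now):
    """Full decision for one request: blocked clients get a 429 whose Retry-After
    covers the block; throttled clients accrue strikes toward a block."""
    until = tracker.blocked_until(client, now)
    if until is not None:
        return rate_limit_response(limit, 0, until, now)
    status, headers, body = rate_limit_response(limit, remaining, reset_at, now)
    if status == 429:
        tracker.record_throttle(client, now)
    return status, headers, body


if __name__ == "__main__":
    # Constructed walk-through: one client exhausts a 10-request window three
    # times within the strike window and gets blocked for 100 seconds.
    tracker = OverloadTracker(strikes=3, strike_window=10.0, block_seconds=100.0)
    for t in (1.0, 2.0, 3.0, 4.0):
        status, headers, _ = respond(tracker, "198.51.100.7", 10, 0, 5.0, t)
        print(t, status, headers.get("Retry-After"))
```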

8.7 DDoS Mitigation

8.7.1 Attack Detection

   Signal              Detection
   ------------------  -----------------------------
   Request spike       Sudden traffic increase
   Pattern anomaly     Unusual request patterns
   Geographic anomaly  Traffic from unusual regions
   Protocol abuse      Malformed requests

8.7.2 Mitigation Responses

   Attack Severity  Response
   ---------------  ---------------------------
   Low              Increased rate limiting
   Medium           Challenge issuance
   High             IP blocking
   Critical         Circuit breaker activation
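An added example, not code from this RFC or its platform, of the "request spike" signal in 8.7.1 mapped to the severity ladder of 8.7.2: an exponentially weighted baseline of per-second request counts, with each second classified by how far it exceeds the baseline. The multipliers, the smoothing factor, the baseline floor and the sample traffic are assumptions constructed for the demonstration; the response strings are the page's.

```python
"""Request-spike detection (8.7.1) with the severity ladder of 8.7.2, run over
constructed per-second request counts."""

# Multiplier over baseline -> severity. Assumed values, not from the page.
SEVERITY_LEVELS = ((20.0, "critical"), (10.0, "high"), (4.0, "medium"), (2.0, "low"))

# 8.7.2 responses; the "none" row is the normal path.
MITIGATION = {
    "none": "Normal processing",
    "low": "Increased rate limiting",
    "medium": "Challenge issuance",
    "high": "IP blocking",
    "critical": "Circuit breaker activation",
}


def classify(count, baseline, floor):
    """Severity of one second's count relative to the learned baseline.
    `floor` stops a near-idle baseline from flagging ordinary traffic as a spike."""
    ratio = count / max(baseline, floor)
    for multiplier, name in SEVERITY_LEVELS:
        if ratio >= multiplier:
            return name
    return "none"


def detect_spikes(counts, alpha=0.3, floor=50.0):
    """Return [(second, count, baseline, severity, response)].

    The baseline is an exponentially weighted moving average of the per-second
    count. It is updated only from seconds judged normal, so a sustained attack
    cannot raise the baseline and thereby hide itself."""
    baseline = None
    report = []
    for second, count in enumerate(counts):
        if baseline is None:
            baseline, severity = float(count), "none"  # first sample seeds the baseline
        else:
            severity = classify(count, baseline, floor)
            if severity == "none":
                baseline = alpha * count + (1.0 - alpha) * baseline
        report.append((second, count, round(baseline, 1), severity, MITIGATION[severity]))
    return report


def severities(counts, **kwargs):
    return [row[3] for row in detect_spikes(counts, **kwargs)]


# Constructed traffic: ~100 req/s steady state, a 5x spike, a 30x flood, tail-off.
SAMPLE_COUNTS = [100, 110, 95, 105, 100, 98, 102, 100, 500, 3000, 1200, 100]

if __name__ == "__main__":
    for row in detect_spikes(SAMPLE_COUNTS):
        print("t=%2ds count=%5d baseline=%6.1f %-8s -> %s" % row)
```

Because the baseline is frozen while a spike is in progress, the tail-off second (1200 req/s) is still judged against the pre-attack baseline and reported as high rather than being normalised by the flood that preceded it.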

8.7.3 Circuit Breaker


8.8 Monitoring and Alerting

8.8.1 Rate Limit Metrics

   Metric                Description
   --------------------  --------------------------
   Rate limit hits       Requests that hit limits
   Requests allowed      Requests under limit
   Requests throttled    429 responses sent
   Average request rate  Requests per second

8.8.2 Alert Conditions

   Condition             Severity  Response
   --------------------  --------  --------------------
   High throttle rate    Warning   Review limits
   Sustained throttling  Warning   Investigate traffic
   Circuit breaker open  Critical  Incident response
   DDoS detected         Critical  Activate mitigation

8.8.3 Dashboards

   Dashboard          Content
   -----------------  -------------------------------
   Traffic overview   Request rates by route
   Rate limit status  Limits vs actual
   Client analysis    Top clients by request count
   Throttle analysis  Throttled requests by source


End of Section 8