I have a REST web service that contains a method for sending SMS messages. I would like to ensure that this functionality can only be executed every 10 seconds by any given user. Do mobile devices have unique IP addresses? If so, will this be enough to block requests from making more than 1 request every 10 seconds?
-1
Only on IPv6. But you really should be giving users API keys. – Michael Hampton Oct 18 '14 at 12:12
2 Answers
1
To avoid IP exhaustion, among other things, ISPs generally use private IP addresses and NAT them through a pool of public IP addresses.
So it does not make sense to rate limit per (public) IP.

Xavier Lucas
In other words, many users share a single IP. So, you will be blocking several users when one user makes a request. – Tero Kilkanen Oct 18 '14 at 11:59
0
Limiting each IPv4 address to one message every 10 seconds will limit the total usage of the service to 370 000 000 messages per second on average.
Any further guarantees will be entirely dependent on the providers.
Many providers are deploying carrier grade NAT, so there could be thousands of users behind a single public IPv4 address.
On the other hand, there are individuals who have access to use thousands of different public IPv4 addresses (some legitimately, others not legitimately).

kasperd
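The following is an added example, not code from the question or from either answer. It replays the same constructed traffic through a 10-second limiter keyed first by source IP and then by API key (as the comment on the question suggests), showing both failure modes the answers describe. It assumes every request carries an authenticated API key; `IntervalLimiter`, `replay`, the addresses and the key names are hypothetical.

```python
import time

class IntervalLimiter:
    """Accept at most one request per `interval` seconds for each key."""

    def __init__(self, interval=10.0, clock=time.monotonic):
        self.interval = interval
        self.clock = clock
        self.last_accepted = {}  # key -> time of the last accepted request

    def allow(self, key):
        now = self.clock()
        last = self.last_accepted.get(key)
        if last is not None and now - last < self.interval:
            return False  # rejected requests do not extend the wait
        self.last_accepted[key] = now
        return True

    def prune(self):
        """Forget keys whose wait has expired so the table stays bounded."""
        cutoff = self.clock() - self.interval
        self.last_accepted = {k: t for k, t in self.last_accepted.items() if t > cutoff}

# Constructed sample traffic: (seconds, source IP, API key). The addresses are
# documentation ranges and the key names are hypothetical.
REQUESTS = [
    (0.0, "198.51.100.7", "key-alice"),
    (2.0, "198.51.100.7", "key-bob"),     # another user behind the same NAT address
    (4.0, "198.51.100.7", "key-alice"),   # alice again, too soon
    (5.0, "203.0.113.9", "key-alice"),    # alice again, from a second address
    (11.0, "198.51.100.7", "key-alice"),  # alice after the 10 s wait
]

def replay(requests, key_of):
    """Feed the requests through a fresh limiter, keyed by key_of(ip, api_key)."""
    now = [0.0]
    limiter = IntervalLimiter(interval=10.0, clock=lambda: now[0])
    decisions = []
    for ts, ip, api_key in requests:
        now[0] = ts  # drive the injected clock from the sample timestamps
        decisions.append(limiter.allow(key_of(ip, api_key)))
    return decisions

def per_ip(requests=REQUESTS):
    return replay(requests, lambda ip, api_key: ip)

def per_api_key(requests=REQUESTS):
    return replay(requests, lambda ip, api_key: api_key)

if __name__ == "__main__":
    print("per IP:     ", per_ip())       # bob blocked at t=2, alice passes at t=5
    print("per API key:", per_api_key())  # bob passes at t=2, alice blocked at t=5
```

In a multi-process deployment the `last_accepted` table would have to live in a shared store rather than in process memory.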