> Hey guys,
>
> I'm looking to "rate limit" login attempts to an API once the supplied
> username is tried over a certain number of times unsuccessfully. Right
> now, I have a call to Python's time.sleep callable before I send back a
> 500 and am wondering if there's anything I can do to free up the worker
> rather than have it wait.
>
> My brain is telling me that's my only option, and I'm quite happy to pay
> that tax, but I thought I'd see if anyone here had any ideas.
>
> Roberto: Thanks for all your work on uWSGI - it really *is* appreciated.
>
> --
> Mel Boyce
> thestack.co
> _______________________________________________
> uWSGI mailing list
> [email protected]
> http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
>
*** DISCLAIMER ***
the following code snippet violates WSGI in every possible way, if you are
a WSGI fundamentalist do not use it !!!
***
# slow.py
import threading
import time
import os
import uwsgi
# this function is execute for bad users
def wait_before_500(fd):
time.sleep(5)
os.write(fd, "HTTP 1.0 500 Throttled !!!\r\n\r\n")
os.close(fd)
def application(env, sr):
is_bad_user = True
if is_bad_user:
# hold the connection with the client opened
duped_fd = os.dup(uwsgi.connection_fd())
t = threading.Thread(target=wait_before_500, args=[duped_fd])
t.daemon = True
t.start()
return ""
# rest of your code
pass
# run it
uwsgi --http-socket :9090 --wsgi-file slow.py --enable-threads
Offloading would be a better approach for sure, but currently its api
lacks timeout management.
--
Roberto De Ioris
http://unbit.it
_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
