DDP Rate limiter - how to use IP and connection based rules?


I’m building an application that exposes a meteor method for voting on posts. Our requirement is to enable anonymous voting without the need to being logged in. We’re looking into ways how we could make such functionality still secure. One of the things we’d like to implement is a rule on DDP rate limiter that would limit the frequency of requests coming from a particular IP and/or connection. Rate limiter’s section in meteor docs is very short. Do you know more how to use properties other than userId for rate limiting? All documents and examples I was able to find show to how to implement a rule with userId only.

Have you looked at meteorhacks:sikka? It supports rate limiting by IP (quite easily).

1 Like

Thanks. Indeed looks like it has all we need and even more.