RateLock is a standalone HTTP rate-limiting microservice designed to protect APIs from abuse such as brute-force attacks, scraping, and excessive client requests.
Instead of embedding rate limiting into every backend service, applications can call RateLock before processing requests.
Traditional per-service middleware causes:
- duplicated logic
- inconsistent enforcement
- difficult scaling
- no centralized visibility
RateLock centralizes traffic control into a single service backed by Redis. It provides:
- Sliding Window
- Fixed Window
- Token Bucket
- Redis-backed persistence
- Atomic Lua scripts (race-condition safe)
- Concurrency-safe under multi-threaded load
- Cost-based requests
- Retry-After calculation
- HTTP API for service-to-service communication
- Works as external infrastructure service
Client → Application Service → RateLock → Redis → Decision → Application Response
A protected authentication server is included (auth_app.py).
It calls RateLock before validating login credentials and blocks brute-force attempts after 5 failed logins.
Ensure Redis is running on localhost:6379.
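The sliding-window decision with cost-based requests and a Retry-After value, sketched as an added example; it is not RateLock's own code. The class name, the key format and the 60-second window are assumptions, and an in-process lock stands in for the atomicity that the Redis Lua scripts provide.

```python
import threading
from collections import deque


class SlidingWindowLimiter:
    """Hypothetical in-memory sliding-window log limiter (not RateLock's API)."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._events = {}              # key -> deque of (timestamp, cost)
        self._lock = threading.Lock()  # stand-in for an atomic Lua script

    def check(self, key, now, cost=1):
        """Return (allowed, remaining, retry_after_seconds)."""
        with self._lock:
            events = self._events.setdefault(key, deque())
            # Drop entries that have slid out of the window.
            while events and events[0][0] <= now - self.window:
                events.popleft()
            used = sum(c for _, c in events)
            if used + cost <= self.limit:
                events.append((now, cost))
                return True, self.limit - used - cost, 0
            # Denied requests are not recorded, so retries do not extend the block.
            # Retry-After: time until enough old cost expires to admit this request.
            need = used + cost - self.limit
            freed = 0
            for ts, c in events:
                freed += c
                if freed >= need:
                    return False, self.limit - used, ts + self.window - now
            # A cost larger than the limit can never be admitted.
            return False, self.limit - used, float("inf")


def demo():
    # Constructed scenario: 5 attempts allowed per 60 s, one attempt per second.
    limiter = SlidingWindowLimiter(limit=5, window_seconds=60)
    key = "login:alice:203.0.113.7"  # constructed key (user + client address)
    return [limiter.check(key, now=t) for t in range(6)]


if __name__ == "__main__":
    for t, decision in enumerate(demo()):
        print(t, decision)
```

The sixth attempt is denied with a Retry-After of 55 seconds, the time until the first recorded attempt leaves the window.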
Live API: https://ratelock.onrender.com/docs
Live Demo: https://ratelock-seven.vercel.app/