ratelimit

Does an API Rate Limit see javascript requests as coming from the domain's IP, or the user's IP?

An API has a rate limit based upon the number of hits from a certain IP address. My requests are AJAX - so they're performed by a javascript living somewhere on a page. Does the IP being rate limited appear as the client's or the site's? ...

Rate limiting Django admin login with Nginx to prevent dictionary attack

I'm looking into the various methods of rate limiting the Django admin login to prevent dictionary attacks. One solution is explained here: simonwillison.net/2009/Jan/7/ratelimitcache/ However, I would prefer to do the rate limiting at the web server side, using Nginx. Nginx's limit_req module does just that - allowing you to specify ...