Rate Limiting
KalamDB applies rate limiting at SQL, auth, WebSocket, and per-IP connection layers.
Key Settings
| Key | Scope |
|---|---|
rate_limit.max_queries_per_sec | per-user SQL request rate |
rate_limit.max_messages_per_sec | per-WebSocket incoming message rate |
rate_limit.max_subscriptions_per_user | active live subscriptions per user |
rate_limit.max_auth_requests_per_ip_per_sec | login/setup/refresh abuse protection |
rate_limit.max_connections_per_ip | concurrent socket cap per IP |
rate_limit.max_requests_per_ip_per_sec | pre-auth request flood protection |
rate_limit.request_body_limit_bytes | request payload size guard |
rate_limit.ban_duration_seconds | temporary ban window |
rate_limit.enable_connection_protection | master switch for connection guard |
Practical Starting Point
[rate_limit]
max_queries_per_sec = 100
max_messages_per_sec = 50
max_subscriptions_per_user = 10
max_auth_requests_per_ip_per_sec = 20
max_connections_per_ip = 100
max_requests_per_ip_per_sec = 200
request_body_limit_bytes = 10485760
ban_duration_seconds = 300
enable_connection_protection = true
cache_max_entries = 100000
cache_ttl_seconds = 600Environment Strategy
- development: permissive but enabled (so behavior stays realistic)
- staging: mirror production values
- production: strict thresholds + alerts on violations
Tuning Workflow
- collect baseline traffic per endpoint and user role
- set limits just above normal peaks
- alert on near-limit and over-limit events
- adjust independently for auth, SQL, and WebSocket traffic
Signals To Monitor
- spikes in
429responses - repeated bans for same source ranges
- auth endpoint bursts
- large WebSocket fan-out patterns with rising rejection counts
Last updated on