I'm working on a small project where I want to create a free site that allows users to input data and gets a workout routine generated by a language model. Since it's a learning project, I'm not implementing a payment system or requiring users to log in. However, I need to prevent users from spamming the site and running up costs on the language model. What are some effective ways to rate limit user access without enforcing a login requirement?
5 Answers
A simple global rate limit across all users might be the way to go. This helps keep things manageable without the hassle of authentication.
You could limit access by IP address or use cookies, but remember, both methods can be bypassed. If someone truly wants to use the tool, they might be willing to create an account just to avoid any limits. It’s a trade-off to consider!
Setting a cookie and rate limiting based on that sounds like a plan! Just remember to also cap requests by IP for those who manage to bypass cookies.
There’s no foolproof way to prevent abuse without tying requests to user identities. You could set up IP and session rate limits and maybe even throw in a CAPTCHA to deter bots. Just keep in mind that someone determined could still change their IP with a VPN.
Using IP address rate limiting is one of the easiest and most effective methods without requiring logins. This can be managed on your server or through middleware, and keep in mind that it's a common approach. Just ensure your LLM API key isn’t exposed on the front end!
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads