Best practices for throttling a web-application?

On my site I need to throttle user requests for various reasons:

• Prevent overquerying of database or 3rd party apis
• Prevent spam
• Preventi开发者_Go百科ng others from scraping my data

I was wondering what the best practices are for throttling? Should it be done at the script level (PHP/MySQL) or at the server level (Apache)?

And are there any specific best practices I should keep in mind with regards to throttling?

---

This should ideally be done at the network / firewall level or at the very least on Apache.

PHP throttling is possible too, but it should only be done if you want to deny the access to the resource and not just delaying. Refer to this answer (and comments) I gave in a similar question for more details:

• How to throttle login attempts - PHP & MySQL & CodeIgniter

---

off the top of my head, there are a couple that you might want to consider using:

1) You could use JavaScript to create intervals that sets flags so that you can check back with the flag to ensure that they don't request within the interval period.

2) You could use PHP and store their requests time in the session that you're running and check against that so that they don't make requests too frequently.

3) You could use MySQL to log when their last access time was and see if they should be allowed to use the resource.

Generally these methods are divided into client side and server side. Deploy whichever you feel most comfortable with and is most convenient for yourself.

Not all deployments allow you to modify the Apache Server config :)

Hope it helps. Cheers!