It would be beneficial to be able to throttle specific types of requests. For example, rate-limiting requests to the am_following_user API (which can reveal whether or not a name is in use), to prevent username enumeration.
Our site has Amazon CloudFront, but that only allows global rate-limiting, not specific URLs.
It would be beneficial to be able to throttle specific types of requests. For example, rate-limiting requests to the
am_following_userAPI (which can reveal whether or not a name is in use), to prevent username enumeration.Our site has Amazon CloudFront, but that only allows global rate-limiting, not specific URLs.