Posts

Showing posts with the label rate limit

Anti-spam requests with Nginx, NextJS and NestJS

Introduction

In the previous article, I showed a simple API rate-limit check implemented in a NextJS proxy. That approach has two scalability flaws:

- lru-cache keeps its data in the memory of a single process, so once the application scales to multiple pods the rate-limit check becomes incorrect: each pod counts only the requests it received, and the pods do not share state with each other.
- In a real deployment you rarely let the NextJS server receive requests directly like that. A CDN (CloudFront) or a reverse proxy (Nginx) usually sits in front of it to take advantage of edge locations and response caching.

Therefore, in this article I will give a more complete implementation spanning the CDN, the NextJS server and the NestJS server to handle request spamming, including:

- Blacklist: automatically block IPs marked as attacking the system.
- Whitelist: register static IPs and allow only those IPs to use important services, for example letting partner IPs call a service, or exposing internal services only through the company VPN.
- Rate Limit: limit the n...
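The multi-pod flaw described above is easy to reproduce without any infrastructure. The following is an added example written for this page, not code from the article or from any of the projects it names: a fixed-window rate-limit check with a whitelist and an automatically populated blacklist, written against a minimal store interface so the same logic can run against a per-pod in-memory store or one shared store (the stand-in here for something like Redis INCR on a per-window key). The names `MemoryStore`, `checkRequest`, `simulate`, the limits, the ban threshold and the IP addresses are all assumptions chosen for illustration.

```javascript
// Added example, not the article's code. Limits and ban threshold are assumptions.
const WINDOW_MS = 60_000;      // fixed window length
const LIMIT = 5;               // allowed requests per window per IP
const BAN_AFTER = LIMIT * 3;   // assumption: auto-blacklist an IP that blows far past the limit

// Minimal counter store. One instance per pod models lru-cache in process memory;
// one instance shared by all pods models a central store such as Redis.
class MemoryStore {
  constructor() { this.buckets = new Map(); }
  // Increment and return the IP's count for the current fixed window
  // (the same shape as Redis INCR on a key suffixed with the window id).
  incr(key, nowMs, windowMs) {
    const bucketKey = `${key}:${Math.floor(nowMs / windowMs)}`;
    const n = (this.buckets.get(bucketKey) ?? 0) + 1;
    this.buckets.set(bucketKey, n);
    return n;
  }
}

// Order matters: a blacklisted IP is refused before any counter work, a
// whitelisted IP (partner, VPN egress) bypasses the limit entirely.
function checkRequest(ip, store, lists, nowMs) {
  if (lists.blacklist.has(ip)) return { allowed: false, reason: 'blacklisted' };
  if (lists.whitelist.has(ip)) return { allowed: true, reason: 'whitelisted' };
  const count = store.incr(ip, nowMs, WINDOW_MS);
  if (count > BAN_AFTER) {            // far past the limit: mark as attacking and block
    lists.blacklist.add(ip);
    return { allowed: false, reason: 'blacklisted' };
  }
  if (count > LIMIT) return { allowed: false, reason: 'rate-limited' };
  return { allowed: true, reason: 'ok' };
}

// Simulate a load balancer spreading `n` requests from one IP round-robin across
// pods, each pod using the store at its index. All requests fall in one window.
function simulate(podStores, ip, n, lists = { whitelist: new Set(), blacklist: new Set() }) {
  const nowMs = 1_700_000_000_000;  // constructed fixed timestamp
  let allowed = 0;
  for (let i = 0; i < n; i++) {
    const store = podStores[i % podStores.length];
    if (checkRequest(ip, store, lists, nowMs).allowed) allowed++;
  }
  return { allowed, blacklisted: lists.blacklist.has(ip) };
}

// Two pods with their own in-memory stores: each sees 6 of 12 requests and
// each allows 5, so the client gets 10 requests through, double the limit.
const perPod = simulate([new MemoryStore(), new MemoryStore()], '203.0.113.7', 12);

// The same two pods sharing one store: both increment the same counter, 5 allowed.
const shared = new MemoryStore();
const sharedResult = simulate([shared, shared], '203.0.113.7', 12);

// A flood of 20 requests crosses BAN_AFTER and the IP lands on the blacklist.
const flood = simulate([new MemoryStore()], '203.0.113.7', 20);

// A whitelisted partner IP is never counted.
const partnerLists = { whitelist: new Set(['198.51.100.1']), blacklist: new Set() };
const partner = simulate([new MemoryStore()], '198.51.100.1', 20, partnerLists);

console.log({ perPod, sharedResult, flood, partner });
```

The whitelist check deliberately comes after the blacklist check; if the order were reversed, a compromised partner host could never be cut off. In production the shared store also needs an expiry on each window key, which the in-memory stand-in omits.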

Handling CORS and Rate Limit with Reverse Proxy in NextJS

Introduction

In the previous article, I showed how to use rewrites and a proxy in NextJS. Now we go into a specific case: setting up a rate limit directly on the NextJS server to reduce the number of requests that actually reach the core service. In this article I will also show how to configure NextJS as a reverse proxy so that the browser never hits a CORS error.

CORS (Cross-Origin Resource Sharing) is an HTTP-header-based mechanism enforced by browsers. Under the same-origin policy a page may not read responses from an origin (scheme, host and port) other than its own; CORS is how the target origin explicitly relaxes that rule, through response headers such as Access-Control-Allow-Origin. When the browser makes an API request to a cross-origin target and the server has not allowed the page's origin, the browser blocks the response and reports the following error:

Solutions

Browser-side handling (exercise caution, not recommended): you can use certain extensions or disable this feature in the browser to bypass it, but the risk is extremely high because thi...
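To make the origin rule concrete, and to show why a same-origin proxy path sidesteps it, here is an added example written for this page (not the article's code and not from Next.js itself). `isCrossOrigin` applies the browser's comparison of scheme, host and port; `toProxyPath` maps a backend URL onto a same-origin prefix that the `rewrites()` entry in the next.config.js shape below forwards to the core service. `CORE_API`, `PROXY_PREFIX` and the hostnames are placeholders assumed for the example.

```javascript
// Added example, not the article's code. Hostnames and the /api prefix are assumptions.
const CORE_API = 'https://api.example.com';   // assumed origin of the core service
const PROXY_PREFIX = '/api';                   // assumed same-origin prefix served by NextJS

// The browser compares origins, not "domains": scheme + host + port,
// with default ports normalised away by the URL parser.
function originOf(urlString) {
  return new URL(urlString).origin;
}

// Would a fetch from `pageUrl` to `requestUrl` be cross-origin?
// Relative URLs resolve against the page, so they are always same-origin.
function isCrossOrigin(pageUrl, requestUrl) {
  return originOf(pageUrl) !== originOf(new URL(requestUrl, pageUrl).href);
}

// Turn a core-service URL into the same-origin path the proxy serves. Refusing any
// other origin keeps the rewrite from being used as an open proxy.
function toProxyPath(backendUrl) {
  const u = new URL(backendUrl);
  if (u.origin !== CORE_API) throw new Error('refusing to proxy to an unexpected origin');
  return PROXY_PREFIX + u.pathname + u.search;
}

// next.config.js shape: NextJS forwards /api/* to the core service server-side,
// so the browser only ever talks to its own origin and no CORS headers are needed.
const nextConfig = {
  async rewrites() {
    return [{ source: `${PROXY_PREFIX}/:path*`, destination: `${CORE_API}/:path*` }];
  },
};

// Direct call from the app: cross-origin, CORS applies.
const direct = isCrossOrigin('https://app.example.com/page', 'https://api.example.com/users');
// Same call routed through the proxy path: same-origin, CORS never enters the picture.
const viaProxy = isCrossOrigin('https://app.example.com/page',
                               toProxyPath('https://api.example.com/users?limit=10'));
console.log({ direct, viaProxy, rewriteConfig: nextConfig });
```

Two details worth remembering: a different scheme or port on the same host is still a different origin, and the rewrite only removes the browser-side CORS check; authentication and rate limiting of the core service still have to happen on the proxy or behind it.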