In networks and other electronic environments, it is common for multiple users to send requests to a host, service, server, etc. As the number of users and requests increases, the number of resources needed to handle those requests increases as well. As the cost of purchasing and maintaining these resources can limit the amount of resources made available, there generally is a maximum number of requests that can be handled at any one time. If more requests are received, the quality of service can decrease significantly, as the response time might increase dramatically, requests might time out, or the system might crash or experience other problems.
One solution to this problem is to control the number of requests from any given requestor over a given timeframe. This is known as throttling. For example, a Web service might be configured to only allow up to one request per second from any given requestor. While such an approach is effective in some situations, it can be too limiting for other situations. For example, such an approach works well in an environment with a single host. If the environment utilizes several hosts, each of which can receive requests from a requestor, there is no easy way for each host to know exactly how many requests are being received from a requestor at the other hosts.
Further, there is no way to quickly, easily, or dynamically determine requestor usage and adjust the amount of throttling accordingly. In a system where throttling is controlled through configuration, it can be difficult and time consuming to monitor each requestor of a system and update configuration information accordingly. There typically is not information on a per-subscriber trending basis. If a requestor decides to abuse the system by flooding the system with requests, and that requestor is not currently throttled, the abuse might not be noticed until the next time for adjusting of the configuration data, which might be too late to avoid the brunt of the abuse. An administrator or other user would have to monitor usage and attempt to determine the source of the abuse, then manually blacklist that requestor.