{"id":3454,"date":"2025-12-26T22:43:52","date_gmt":"2025-12-26T19:43:52","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/api-ve-mikroservisler-icin-rate-limiting-stratejileri-nginx-cloudflare-ve-redis-ile-trafik-kontrolu\/"},"modified":"2025-12-26T22:43:52","modified_gmt":"2025-12-26T19:43:52","slug":"api-ve-mikroservisler-icin-rate-limiting-stratejileri-nginx-cloudflare-ve-redis-ile-trafik-kontrolu","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/api-ve-mikroservisler-icin-rate-limiting-stratejileri-nginx-cloudflare-ve-redis-ile-trafik-kontrolu\/","title":{"rendered":"Rate Limiting Strategies for APIs and Microservices: Traffic Control with Nginx, Cloudflare and Redis"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#API_ve_mikroservislerde_rate_limiting_neden_bu_kadar_kritik\"><span class=\"toc_number toc_depth_1\">1<\/span> Why is rate limiting so critical for APIs and microservices?<\/a><\/li><li><a href=\"#Rate_limiting_temelleri_Ne_sinirlanir_nasil_sinirlanir\"><span class=\"toc_number toc_depth_1\">2<\/span> Rate limiting fundamentals: what gets limited, and how?<\/a><ul><li><a href=\"#Hangi_anahtara_gore_limit\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Limit by which key?<\/a><\/li><li><a href=\"#Hangi_matematiksel_model\"><span class=\"toc_number toc_depth_2\">2.2<\/span> Which mathematical model?<\/a><\/li><\/ul><\/li><li><a href=\"#Mimari_kararlar_Rate_limiting_nerede_uygulanmali\"><span class=\"toc_number toc_depth_1\">3<\/span> Architectural decisions: where should rate limiting be applied?<\/a><ul><li><a href=\"#1_Edge_katmani_Cloudflare_ile_ilk_savunma_hatti\"><span class=\"toc_number toc_depth_2\">3.1<\/span> 1. 
Edge layer: Cloudflare as the first line of defense<\/a><\/li><li><a href=\"#2_Reverse_proxy_katmani_Nginx_ile_uygulama_onunde_ince_ayar\"><span class=\"toc_number toc_depth_2\">3.2<\/span> 2. Reverse proxy layer: fine-tuning in front of the application with Nginx<\/a><\/li><li><a href=\"#3_Paylasilan_sayac_katmani_Redis_ile_dagitik_limit\"><span class=\"toc_number toc_depth_2\">3.3<\/span> 3. Shared counter layer: distributed limits with Redis<\/a><\/li><\/ul><\/li><li><a href=\"#Cloudflare_ile_edge_rate_limiting_tasarimi\"><span class=\"toc_number toc_depth_1\">4<\/span> Designing edge rate limiting with Cloudflare<\/a><ul><li><a href=\"#Tipik_kullanim_senaryolari\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Typical use cases<\/a><\/li><li><a href=\"#Basit_bir_rate_limit_kurali_mantigi\"><span class=\"toc_number toc_depth_2\">4.2<\/span> The logic of a simple rate limit rule<\/a><\/li><\/ul><\/li><li><a href=\"#Nginx_ile_uygulama_onunde_rate_limiting\"><span class=\"toc_number toc_depth_1\">5<\/span> Rate limiting in front of the application with Nginx<\/a><ul><li><a href=\"#Temel_IP_bazli_rate_limit_ornegi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Basic IP-based rate limit example<\/a><\/li><li><a href=\"#Kullanici_veya_API_anahtari_bazli_limit\"><span class=\"toc_number toc_depth_2\">5.2<\/span> Per-user or per-API-key limit<\/a><\/li><li><a href=\"#Belirli_endpoint8217ler_icin_daha_siki_limitler\"><span class=\"toc_number toc_depth_2\">5.3<\/span> Stricter limits for specific endpoints<\/a><\/li><li><a href=\"#429_yanitlarini_dogru_yonetmek\"><span class=\"toc_number toc_depth_2\">5.4<\/span> Handling 429 responses correctly<\/a><\/li><\/ul><\/li><li><a href=\"#Redis_ile_dagitik_rate_limiting_Gercek_cok_sunuculu_senaryolar\"><span class=\"toc_number 
toc_depth_1\">6<\/span> Distributed rate limiting with Redis: real multi-server scenarios<\/a><ul><li><a href=\"#Neden_Redis\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Why Redis?<\/a><\/li><li><a href=\"#Basit_sliding_window_mantigi\"><span class=\"toc_number toc_depth_2\">6.2<\/span> Simple sliding window logic<\/a><\/li><li><a href=\"#Token_bucket_icin_Redis_yaklasimi\"><span class=\"toc_number toc_depth_2\">6.3<\/span> A Redis approach to token bucket<\/a><\/li><li><a href=\"#Nginx_ile_Redis8217i_konusturmak\"><span class=\"toc_number toc_depth_2\">6.4<\/span> Connecting Nginx to Redis<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_dunya_senaryolari_Hangi_API8217ye_nasil_limit_koymali\"><span class=\"toc_number toc_depth_1\">7<\/span> Real-world scenarios: which limit for which API?<\/a><ul><li><a href=\"#1_Public_API_Anonim_ve_kimlikli_erisim_karisik\"><span class=\"toc_number toc_depth_2\">7.1<\/span> 1. Public API: a mix of anonymous and authenticated access<\/a><\/li><li><a href=\"#2_Cok_kiracili_SaaS_Farkli_paketler_farkli_haklar\"><span class=\"toc_number toc_depth_2\">7.2<\/span> 2. Multi-tenant SaaS: different plans, different entitlements<\/a><\/li><li><a href=\"#3_Ic_mikroservis_trafigi_Sadece_dis_dunya_degil\"><span class=\"toc_number toc_depth_2\">7.3<\/span> 3. 
Internal microservice traffic: not just the outside world<\/a><\/li><\/ul><\/li><li><a href=\"#Izleme_loglama_ve_test_Limitleriniz_gercekten_calisiyor_mu\"><span class=\"toc_number toc_depth_1\">8<\/span> Monitoring, logging and testing: are your limits really working?<\/a><ul><li><a href=\"#Loglama\"><span class=\"toc_number toc_depth_2\">8.1<\/span> Logging<\/a><\/li><li><a href=\"#Metrikler\"><span class=\"toc_number toc_depth_2\">8.2<\/span> Metrics<\/a><\/li><li><a href=\"#Test\"><span class=\"toc_number toc_depth_2\">8.3<\/span> Testing<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_altyapisinda_pratik_rate_limiting_onerileri\"><span class=\"toc_number toc_depth_1\">9<\/span> Practical rate limiting recommendations on DCHost infrastructure<\/a><ul><li><a href=\"#Kucuk_ve_orta_olcekli_API_projeleri\"><span class=\"toc_number toc_depth_2\">9.1<\/span> Small and medium-sized API projects<\/a><\/li><li><a href=\"#Buyuyen_SaaS_ve_cok_kiracili_mimariler\"><span class=\"toc_number toc_depth_2\">9.2<\/span> Growing SaaS and multi-tenant architectures<\/a><\/li><li><a href=\"#Yuksek_trafikli_ve_kritik_API8217ler\"><span class=\"toc_number toc_depth_2\">9.3<\/span> High-traffic and critical APIs<\/a><\/li><\/ul><\/li><li><a href=\"#Sonuc_ve_yol_haritasi\"><span class=\"toc_number toc_depth_1\">10<\/span> Conclusion and roadmap<\/a><\/li><\/ul><\/div>\n<h2><span id=\"API_ve_mikroservislerde_rate_limiting_neden_bu_kadar_kritik\">Why is rate limiting so critical for APIs and microservices?<\/span><\/h2>\n<p>When designing an API, most teams give priority to validation, the database model and business rules. Traffic control and rate limiting usually come up only as the project approaches go-live, during load tests or cost analysis. 
Yet a well-designed rate limiting strategy is at least as decisive as your architectural choices for performance, security and infrastructure cost.<\/p>\n<p>For example, imagine you are building a multi-tenant SaaS application. On the same API, thousands of small customers on the free plan and high-volume enterprise customers share the same infrastructure. If you do not define the right rate limit policies, a single aggressive client can lock up your database, and all your other customers may start complaining about the slow API. On top of that, this leads to extra CPU, RAM and bandwidth costs.<\/p>\n<p>In this article, drawing on approaches we frequently apply on DCHost infrastructure, we will go step by step through how to build <strong>an end-to-end rate limiting architecture for APIs and microservices using Nginx, Cloudflare and Redis<\/strong>. From the basic models to real-world scenarios, and from the edge layer (Cloudflare) to the application side (Nginx) and the shared counter (Redis), I will try to lay out a framework you can apply in practice.<\/p>\n<h2><span id=\"Rate_limiting_temelleri_Ne_sinirlanir_nasil_sinirlanir\">Rate limiting fundamentals: what gets limited, and how?<\/span><\/h2>\n<p>Rate limiting is, roughly, the act of limiting the number of requests coming from a given source within a given time interval. 
In practice, however, <strong>what<\/strong> you limit and <strong>by which key<\/strong> you limit it matter at least as much as the limit values themselves.<\/p>\n<h3><span id=\"Hangi_anahtara_gore_limit\">Limit by which key?<\/span><\/h3>\n<ul>\n<li><strong>IP-based<\/strong>: The simplest and most common method. You limit requests coming from the same IP address. Its advantage is that it is easy to implement; its drawback is that behind NAT, corporate networks and mobile carriers many users arrive from the same IP.<\/li>\n<li><strong>User\/session-based<\/strong>: You apply the limit by JWT, session id or user id. It offers a fairer model for APIs that require authentication.<\/li>\n<li><strong>API key \/ client id-based<\/strong>: Ideal for third-party integrations, partner APIs and multi-tenant SaaS scenarios. Each customer can be given a separate quota and rate limit.<\/li>\n<li><strong>Endpoint-based<\/strong>: Adding extra per-route limits is very useful, especially for expensive operations (report generation, calls to external services, payment steps).<\/li>\n<\/ul>\n<h3><span id=\"Hangi_matematiksel_model\">Which mathematical model?<\/span><\/h3>\n<ul>\n<li><strong>Fixed window<\/strong>: The counter is reset in fixed time windows, such as 100 requests per minute. Simple, but bursts can occur just before and just after the window boundary.<\/li>\n<li><strong>Sliding window<\/strong>: Counts the requests in the last X seconds in real time. 
Fairer, but somewhat more complex to implement.<\/li>\n<li><strong>Token bucket<\/strong>: Tokens are added to the bucket at a fixed rate, and each request spends one token. It allows small sudden bursts while keeping the rate under control over the long term.<\/li>\n<li><strong>Leaky bucket<\/strong>: The bucket drains at a fixed rate, and incoming requests are queued. When it overflows, requests are rejected.<\/li>\n<li><strong>Concurrent connection (concurrency) limit<\/strong>: Limits the number of requests that can be open at the same time, especially for long-running requests.<\/li>\n<\/ul>\n<p>A practical combination is to apply a mostly fixed window + burst approach on the Nginx side and a sliding window or token bucket model with Redis.<\/p>\n<h2><span id=\"Mimari_kararlar_Rate_limiting_nerede_uygulanmali\">Architectural decisions: where should rate limiting be applied?<\/span><\/h2>\n<p>In a modern API architecture you usually have three layers: <strong>edge (CDN\/WAF)<\/strong>, <strong>reverse proxy\/API gateway (Nginx, etc.)<\/strong> and the <strong>application\/microservice layer<\/strong>. Rate limiting can be placed in each of these layers for a different purpose.<\/p>\n<h3><span id=\"1_Edge_katmani_Cloudflare_ile_ilk_savunma_hatti\">1. Edge layer: Cloudflare as the first line of defense<\/span><\/h3>\n<p>A CDN\/WAF layer such as Cloudflare is the outermost point that sees your traffic. 
Rate limiting done here is generally used to:<\/p>\n<ul>\n<li>cut off DDoS-like high-volume attacks before they reach the application server,<\/li>\n<li>slow down or block simple bots and crawlers,<\/li>\n<li>tighten traffic coming from specific countries, ASNs or IP ranges.<\/li>\n<\/ul>\n<p>We strongly recommend taking a look at our <a href='https:\/\/www.dchost.com\/blog\/cloudflare-guvenlik-ayarlari-rehberi-kucuk-isletme-siteleri-icin-waf-rate-limit-ve-bot-korumas\u0131\/'>Cloudflare security settings guide<\/a>, where we walk through the WAF and rate limit settings on the Cloudflare side step by step.<\/p>\n<h3><span id=\"2_Reverse_proxy_katmani_Nginx_ile_uygulama_onunde_ince_ayar\">2. Reverse proxy layer: fine-tuning in front of the application with Nginx<\/span><\/h3>\n<p>Nginx can be positioned as an API gateway or reverse proxy both in classic monolithic PHP applications and in microservice-based setups. 
With rate limiting at this layer you can:<\/p>\n<ul>\n<li>limit the request rate per second\/minute for each IP or user,<\/li>\n<li>define stricter limits for specific endpoints (for example \/login, \/password-reset, payment steps),<\/li>\n<li>control the number of concurrent connections for long-running requests.<\/li>\n<\/ul>\n<p>In our <a href='https:\/\/www.dchost.com\/blog\/nginx-rate-limiting-ve-fail2ban-ile-wp%e2%80%91login-php-ve-xml%e2%80%91rpc-brute%e2%80%91force-saldirilarini-nasil-saksiya-alirsin\/'>Nginx rate limiting and Fail2ban guide<\/a>, which approaches rate limiting with Nginx modules from a WordPress angle, we explained how the logic works through attack scenarios.<\/p>\n<h3><span id=\"3_Paylasilan_sayac_katmani_Redis_ile_dagitik_limit\">3. Shared counter layer: distributed limits with Redis<\/span><\/h3>\n<p>If your API runs on more than one application server, or even in different data centers, the counters each node keeps in its own memory are not enough. 
This is where <strong>Redis-based centralized rate limiting<\/strong> comes in:<\/p>\n<ul>\n<li>All API servers connect to the same Redis cluster.<\/li>\n<li>For each request, a counter is incremented under the relevant key (for example customer id + endpoint).<\/li>\n<li>The time window and limit check are performed on Redis (usually with Lua scripts).<\/li>\n<\/ul>\n<p>Our <a href='https:\/\/www.dchost.com\/blog\/redis-cache-nedir-hosting-performansini-nasil-artirir\/'>Redis cache and hosting performance guide<\/a>, which covers the performance side of Redis infrastructure from a broader angle, will also be useful when designing the Redis cluster you will use here.<\/p>\n<h2><span id=\"Cloudflare_ile_edge_rate_limiting_tasarimi\">Designing edge rate limiting with Cloudflare<\/span><\/h2>\n<p>When creating a rate limiting policy in Cloudflare, you first need to be clear about what you are targeting. 
Every check you perform at the edge increases the number of requests that never reach your application servers, so you gain in terms of both security and cost.<\/p>\n<h3><span id=\"Tipik_kullanim_senaryolari\">Typical use cases<\/span><\/h3>\n<ul>\n<li><strong>Login and brute-force attacks<\/strong>: Temporarily blocking IPs that send more than X requests per second to endpoints such as \/login, \/wp-login.php and \/api\/auth.<\/li>\n<li><strong>Scraping and bot traffic<\/strong>: Applying a challenge or throttling when the same IP requests a large number of different URLs in a short time.<\/li>\n<li><strong>Traffic from specific countries or ASNs<\/strong>: For example, if you expect access to your payment API only from certain countries, setting much stricter limits for the others.<\/li>\n<\/ul>\n<h3><span id=\"Basit_bir_rate_limit_kurali_mantigi\">The logic of a simple rate limit rule<\/span><\/h3>\n<p>A typical rule setup in the Cloudflare dashboard looks like this:<\/p>\n<ul>\n<li>Expression: (http.request.uri.path contains &#8216;\/api&#8217;) and (ip.src is not in a specific whitelist)<\/li>\n<li>Threshold: 120 requests in 60 seconds<\/li>\n<li>Action: return 429 or apply a managed challenge<\/li>\n<li>Duration: applied to the offending IP for 10 minutes<\/li>\n<\/ul>\n<p>The important point is not to forget that the limit you apply here is a coarse protection. 
While Cloudflare handles the baseline security of your API and filters out crude attacks, leaving the finer-grained, per-customer limits to the Nginx and Redis layers is usually the soundest approach.<\/p>\n<h2><span id=\"Nginx_ile_uygulama_onunde_rate_limiting\">Rate limiting in front of the application with Nginx<\/span><\/h2>\n<p>Nginx offers powerful tools for rate limiting, both with simple IP-based limits and with more advanced key combinations. The most commonly used module is <strong>limit_req_module<\/strong>.<\/p>\n<h3><span id=\"Temel_IP_bazli_rate_limit_ornegi\">Basic IP-based rate limit example<\/span><\/h3>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">http {\n    # 5 requests per second, with burst allowing a short spike of 10 requests\n    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=5r\/s;\n\n    server {\n        location \/api\/ {\n            limit_req zone=api_limit burst=10 nodelay;\n            proxy_pass http:\/\/backend_api;\n        }\n    }\n}\n<\/code><\/pre>\n<p>Here:<\/p>\n<ul>\n<li>With <strong>$binary_remote_addr<\/strong> we use the IP address as the key.<\/li>\n<li><strong>rate=5r\/s<\/strong> means 5 requests per second.<\/li>\n<li><strong>burst=10<\/strong> allows short sudden bursts (for example when a user quickly clicks several buttons in the browser).<\/li>\n<li>The <strong>nodelay<\/strong> option changes how requests within the burst allowance are handled: they are served immediately instead of being queued and paced to the configured rate, while requests beyond the burst are rejected.<\/li>\n<\/ul>\n<h3><span id=\"Kullanici_veya_API_anahtari_bazli_limit\">Per-user or per-API-key 
limit<\/span><\/h3>\n<p>For a fairer model, you can apply rate limits based on the <strong>API key or user id<\/strong> instead of the IP. For example, using the X-Api-Key header sent with each request:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">map $http_x_api_key $api_key {\n    default $http_x_api_key;\n    ''      $binary_remote_addr;  # fall back to the IP when the header is missing\n}\n\nlimit_req_zone $api_key zone=api_key_limit:20m rate=60r\/m;\n\nserver {\n    location \/api\/ {\n        limit_req zone=api_key_limit burst=20 nodelay;\n        proxy_pass http:\/\/backend_api;\n    }\n}\n<\/code><\/pre>\n<p>With this approach, you can limit different API keys coming from the same IP independently of each other. Especially in a microservice architecture, if you issue a separate API key to each customer or partner, this model works quite well in practice.<\/p>\n<h3><span id=\"Belirli_endpoint8217ler_icin_daha_siki_limitler\">Stricter limits for specific endpoints<\/span><\/h3>\n<p>Not every endpoint costs the same. For example, an \/api\/report endpoint that generates reports or talks to external systems can be far heavier than a simple \/api\/profile request. 
On the Nginx side you can add an extra limit specific to this endpoint only:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">limit_req_zone $binary_remote_addr zone=report_limit:10m rate=10r\/m;\n\nserver {\n    location \/api\/report {\n        limit_req zone=report_limit burst=5;\n        proxy_pass http:\/\/backend_api;\n    }\n}\n<\/code><\/pre>\n<p>This way your users can keep fetching profile data quickly, while you cap the expensive report requests in a way that keeps the load balanced.<\/p>\n<h3><span id=\"429_yanitlarini_dogru_yonetmek\">Handling 429 responses correctly<\/span><\/h3>\n<p>When the rate limit is exceeded, the server&#8217;s response is usually <strong>429 Too Many Requests<\/strong>. It is very valuable for customer experience and troubleshooting that this response:<\/p>\n<ul>\n<li>contains a clear and polite message for the user,<\/li>\n<li>includes a Retry-After header stating how long to wait before retrying,<\/li>\n<li>is flagged in a meaningful way in the application logs.<\/li>\n<\/ul>\n<p>
Our <a href='https:\/\/www.dchost.com\/blog\/hosting-sunucu-loglarini-okumayi-ogrenin-apache-ve-nginx-ile-4xx-5xx-hatalarini-teshis-rehberi\/'>guide to reading server logs<\/a>, which explains how to read 4xx and 5xx error codes from Nginx logs, will make your job considerably easier here as well.<\/p>\n<h2><span id=\"Redis_ile_dagitik_rate_limiting_Gercek_cok_sunuculu_senaryolar\">Distributed rate limiting with Redis: real multi-server scenarios<\/span><\/h2>\n<p>We have customers on DCHost running many APIs spread across multiple <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> instances or <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated servers<\/a>. In such environments, Nginx&#8217;s own in-memory counters remain per node; that is, when the same IP lands on different nodes, the limit does not work correctly. 
This is exactly where centralized rate limiting with Redis comes into play.<\/p>\n<h3><span id=\"Neden_Redis\">Why Redis?<\/span><\/h3>\n<ul>\n<li><strong>A single central counter<\/strong>: All application pods or servers connect to the same Redis cluster.<\/li>\n<li><strong>High performance<\/strong>: Thanks to its in-memory model, it responds at the millisecond level.<\/li>\n<li><strong>Advanced scripting capabilities<\/strong>: With Lua scripts you can implement sliding window or token bucket models atomically.<\/li>\n<\/ul>\n<h3><span id=\"Basit_sliding_window_mantigi\">Simple sliding window logic<\/span><\/h3>\n<p>A typical sliding window logic looks like this:<\/p>\n<ol>\n<li>On each incoming request, you keep a list or sorted set in Redis under the relevant key (for example rate:user_id).<\/li>\n<li>You delete the entries older than X seconds from now.<\/li>\n<li>If the number of remaining elements is below the limit, you accept the new request and add its timestamp; if it is above, you return 429.<\/li>\n<\/ol>\n<p>Running this as a single atomic operation with a Lua script in Redis prevents race conditions and produces a consistent result.<\/p>\n<h3><span id=\"Token_bucket_icin_Redis_yaklasimi\">A Redis approach to token bucket<\/span><\/h3>\n<p>The logic is slightly different in the token bucket model:<\/p>\n<ul>\n<li>A token counter is stored for each user or API key.<\/li>\n<li>New tokens are added over time at a fixed rate (for example 5 per second).<\/li>\n<li>Each incoming request consumes one token; if there is no token, the request 
is rejected.<\/li>\n<\/ul>\n<p>When implementing this model, you usually store the last update time alongside the counter and, when a new request arrives, calculate the number of tokens to add based on the elapsed time. This whole operation can again be done on Redis with a single Lua script.<\/p>\n<h3><span id=\"Nginx_ile_Redis8217i_konusturmak\">Connecting Nginx to Redis<\/span><\/h3>\n<p>If you use OpenResty or lua-nginx-module with Nginx, you can run part of the rate limiting logic on Nginx in Lua code and connect it to Redis. Alternatively, rate limiting can be done entirely in application code (Node.js, Laravel, Go, etc.), with Redis used only as the shared counter.<\/p>\n<p>What matters is that <strong>all servers use the same data source<\/strong> and that you clearly define what happens when access to this data source is slow or fails. For the high-availability design of your Redis cluster, placing a separate Redis VPS or a dedicated Redis server on DCHost is a practical solution.<\/p>\n<h2><span id=\"Gercek_dunya_senaryolari_Hangi_API8217ye_nasil_limit_koymali\">Real-world scenarios: which limit for which API?<\/span><\/h2>\n<p>Let us move from theory to practice. 
Let us go through three scenarios we often see with DCHost customers: a public API open to everyone, a multi-tenant SaaS API, and internal microservice traffic.<\/p>\n<h3><span id=\"1_Public_API_Anonim_ve_kimlikli_erisim_karisik\">1. Public API: a mix of anonymous and authenticated access<\/span><\/h3>\n<p>Say you have a public API that provides city-level weather or exchange rates. You allow anonymous access, and you also have registered customers.<\/p>\n<ul>\n<li><strong>Cloudflare layer<\/strong>: A coarse IP-based rate limit (for example a 10-minute block above 300 requests per minute) and basic bot filtering with the WAF.<\/li>\n<li><strong>Nginx layer<\/strong>:\n<ul>\n<li>A low IP-based limit for anonymous requests (30 per minute),<\/li>\n<li>A higher, plan-based limit via X-Api-Key for registered customers (600, 3000 per minute, etc.).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Redis layer<\/strong>: All Nginx nodes use a central counter in Redis for per-customer limits. A sliding window provides a fairer distribution.<\/li>\n<\/ul>\n<p>In this architecture, anonymous users are filtered heavily at the edge and Nginx layers, while for your revenue-generating customers you have a more flexible limit model that can be tuned to the customer plan.<\/p>\n<h3><span id=\"2_Cok_kiracili_SaaS_Farkli_paketler_farkli_haklar\">2. Multi-tenant SaaS: different plans, different entitlements<\/span><\/h3>\n<p>Say you have a CRM SaaS application with tiers such as Basic, Pro and Enterprise. 
You want to offer a different API limit for each plan.<\/p>\n<ul>\n<li><strong>Plan-based key<\/strong>: Your application knows the plan along with the client_id you assign to each customer. You can build your Redis key as plan + customer id.<\/li>\n<li><strong>Quota tracking with Redis<\/strong>: You can track not only per-second\/per-minute rates but also daily and monthly request totals, and define soft and hard limits.<\/li>\n<li><strong>Rate control with Nginx<\/strong>: Nginx handles the instantaneous rate limits, while the application + Redis pair manages total quota tracking and the alerting system.<\/li>\n<\/ul>\n<p>In this kind of SaaS, placing a separate Redis VPS or a managed Redis cluster on DCHost provides a serious long-term advantage in both performance and scalability.<\/p>\n<h3><span id=\"3_Ic_mikroservis_trafigi_Sadece_dis_dunya_degil\">3. Internal microservice traffic: not just the outside world<\/span><\/h3>\n<p>In a microservice architecture, most teams think of rate limiting only for externally exposed APIs. Yet between internal services too, a misconfigured batch job or an infinite loop can lock up other services.<\/p>\n<ul>\n<li><strong>Per-service limit<\/strong>: You can define a client id for each microservice and, through Redis, set a limit per service it calls.<\/li>\n<li><strong>Queues and asynchronous processing<\/strong>: You can reduce rate limiting pressure by pushing your high-volume jobs to a queue system (RabbitMQ, Kafka, etc.) 
and designing the API to accept only the trigger request.<\/li>\n<li><strong>Observability<\/strong>: Collecting logs and metrics and setting up alerts to see how internal services call each other is critical. On this point, the Prometheus\/Grafana approach described in our <a href='https:\/\/www.dchost.com\/blog\/vps-izleme-ve-alarm-kurulumu-prometheus-grafana-ve-uptime-kuma-ile-baslangic\/'>VPS monitoring and alerting setup guide<\/a> applies equally to microservices.<\/li>\n<\/ul>\n<h2><span id=\"Izleme_loglama_ve_test_Limitleriniz_gercekten_calisiyor_mu\">Monitoring, logging and testing: are your limits really working?<\/span><\/h2>\n<p>Rate limiting is not something you set once and forget. A badly designed limit can block your most valuable customers rather than real attackers. That is why you need to keep a constant eye on three areas: logging, metrics and testing.<\/p>\n<h3><span id=\"Loglama\">Logging<\/span><\/h3>\n<ul>\n<li>Writing 429 responses to a separate log format or a separate file,<\/li>\n<li>Recording which endpoint, key and IP combination exceeded the limit,<\/li>\n<li>Monitoring script errors and latency on the Redis side<\/li>\n<\/ul>\n<p>all help you spot possible false positives early. 
The <a href='https:\/\/www.dchost.com\/blog\/hosting-sunucu-loglarini-okumayi-ogrenin-apache-ve-nginx-ile-4xx-5xx-hatalarini-teshis-rehberi\/'>log analysis guide<\/a>, in which we explain in detail how to read Nginx and Apache log formats, can be used directly when diagnosing rate limiting errors.<\/p>\n<h3><span id=\"Metrikler\">Metrics<\/span><\/h3>\n<ul>\n<li>Total request count,<\/li>\n<li>429 rate (as a share of total requests),<\/li>\n<li>per-endpoint 429 distribution,<\/li>\n<li>Redis latency and error rates<\/li>\n<\/ul>\n<p>Collecting metrics like these with Prometheus and Grafana and watching them on dashboards shows you how aggressive your limits are in real life. For an introductory setup, see our <a href='https:\/\/www.dchost.com\/blog\/vps-izleme-ve-alarm-kurulumu-prometheus-grafana-ve-uptime-kuma-ile-baslangic\/'>VPS monitoring guide<\/a>.<\/p>\n<h3><span id=\"Test\">Testing<\/span><\/h3>\n<p>Before going live, you must run a <strong>load test<\/strong> and a <strong>scenario-based rate limit test<\/strong>:<\/p>\n<ul>\n<li>Trigger the Cloudflare and Nginx limits with anonymous high-volume requests.<\/li>\n<li>Using API keys for customers on different plans, verify that the Redis-based limits work correctly.<\/li>\n<li>Under sustained load, monitor the resource usage (CPU, RAM, IO) of your Redis and Nginx nodes.<\/li>\n<\/ul>\n<p>Getting capacity planning right when choosing your VPS and dedicated servers on DCHost also matters here.
We also recommend reviewing our articles on CPU, RAM and traffic calculation while planning your architecture.<\/p>\n<h2><span id=\"DCHost_altyapisinda_pratik_rate_limiting_onerileri\">Practical rate limiting recommendations on DCHost infrastructure<\/span><\/h2>\n<p>At DCHost, we frequently design similar architectures for both high-traffic API projects and mid-sized SaaS applications. Here is a summary of a few practical recommendations distilled from our field experience.<\/p>\n<h3><span id=\"Kucuk_ve_orta_olcekli_API_projeleri\">Small and mid-sized API projects<\/span><\/h3>\n<ul>\n<li>If you are starting with one or two VPS instances, Nginx&#8217;s own limit_req and limit_conn features are sufficient most of the time.<\/li>\n<li>Rather than bringing Redis in right away, start with simple IP-based and user-based limits on the Nginx side.<\/li>\n<li>Be sure to enable Cloudflare at least for basic WAF and coarse rate limiting.<\/li>\n<\/ul>\n<h3><span id=\"Buyuyen_SaaS_ve_cok_kiracili_mimariler\">Growing SaaS and multi-tenant architectures<\/span><\/h3>\n<ul>\n<li>Move your application servers to separate VPS instances, and Redis to a separate VPS or dedicated server.<\/li>\n<li>Move the rate limiting logic out of application code and into the Redis + Nginx combination as far as possible; that way even microservices with different technology stacks can use a shared limit infrastructure.<\/li>\n<li>Analyze your customer packages (Basic, Pro, Enterprise, etc.)
and settle the per-second, per-minute and monthly total request limits for each.<\/li>\n<\/ul>\n<h3><span id=\"Yuksek_trafikli_ve_kritik_API8217ler\">High-traffic and critical APIs<\/span><\/h3>\n<ul>\n<li>Set up a high-availability scenario with VPS or dedicated servers in at least two different locations.<\/li>\n<li>Use the trio of Cloudflare edge rate limiting + per-node Nginx limits + central Redis limits together.<\/li>\n<li>Always make your rate limiting decisions together with the <strong>business unit<\/strong>; more flexible limits for some of your enterprise customers may be tied to SLAs and billing.<\/li>\n<\/ul>\n<p>When planning your infrastructure on DCHost, we can design the most suitable combination for your API and microservice traffic together and, if needed, use <strong>VPS, dedicated server and colocation<\/strong> options in the same architecture.<\/p>\n<h2><span id=\"Sonuc_ve_yol_haritasi\">Conclusion and roadmap<\/span><\/h2>\n<p>Rate limiting is not a small add-on you bolt onto your API or microservice architecture later; it is a core component that should be part of the design from the start.
When it is designed correctly, you stop attacks at the Cloudflare layer before they reach the application, give each endpoint its due with Nginx, and use Redis to provide consistent and fair rate control across all your nodes.<\/p>\n<p>In summary, the roadmap we recommend is:<\/p>\n<ul>\n<li>First analyze your business and traffic models; give clear answers to who will access what, and how often.<\/li>\n<li>Create your coarse rate limit and WAF rules with Cloudflare at the edge layer.<\/li>\n<li>Define basic limits on Nginx by IP, user or API key; treat critical endpoints separately.<\/li>\n<li>Once your infrastructure becomes multi-server, move to Redis-based central rate limiting and use more advanced models such as sliding window\/token bucket.<\/li>\n<li>Continuously monitor 429 rates, Redis latency and per-endpoint limit violations; adjust the limits gradually when needed.<\/li>\n<\/ul>\n<p>If you are just planning your API or microservice project, or your existing traffic is choking from time to time, the DCHost team would be glad to review your architecture with you and work out a rate limiting strategy tailored to you with Nginx, Cloudflare and Redis.
Well-designed traffic control directly improves not only security but also customer satisfaction and your infrastructure costs.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Contents 1 Why is rate limiting so critical for APIs and microservices? 2 Rate limiting basics: what is limited, and how? 2.1 Limit by which key? 2.2 Which mathematical model? 3 Architectural decisions: where should rate limiting be applied? 3.1 1. Edge layer: first line of defense with Cloudflare 3.2 2. Reverse proxy layer: fine-tuning in front of the application with Nginx 3.3 3. Shared counter layer: Redis-backed distributed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3455,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3454","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3454"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3454\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3455"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3454"}],"wp:term":[{"taxonomy":"category","
embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}