How to rate limit per MAC address?

Erik Aigner asked:

I need to rate limit an API server. Is it possible to configure a machine to rate limit requests per MAC address? If not, are there any other viable options?

I want to rate limit per MAC, because multiple users could share one IP.

My answer:

You need to redesign your application.

You can’t rate limit by MAC address because you have absolutely no way to obtain the user’s MAC address, since you are not on the user’s local network.

The way everyone else does this is to issue unique API keys to each individual user, and then to rate limit usage by API key.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.